Bug 246465
| Summary: | Minicom might dereference NULL pointer when it is suspended while exiting | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Lubomir Kundrak <lkundrak> | ||||
| Component: | minicom | Assignee: | Miroslav Lichvar <mlichvar> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | rawhide | Keywords: | EasyFix | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2007-07-10 13:04:26 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 158332 [details]
Fix for minicom race conditions that can result in NULL dereference during shutdown
Should be fixed in minicom-2.2-2.fc8. Thanks. |
Description of problem: In case minicom is suspended by its user (e.g. after susp control sequence is entered on the controlling terminal) it restores the alternate/saved screen contents and goes to sleep. When it is awaken via SIGCONT, it attempts to redraw its screen contents. In case this is done during minicom's shutdowns, it might happen that the structures describing the screen contents have been freed, and thus the attempt to use them will result in a Segmentation Fault due to dereference of the NULL pointer. The relevant lines of code are: 880 int main(int argc, char **argv) ... 1295 #ifdef SIGTSTP 1296 signal(SIGTSTP, shjump); .. 1299 #endif .... 1531 wclose(stdwin, 1); 610 void wclose(WIN *win, int replace) ... 622 if (win == stdwin) { 623 win_end(); 624 return; 625 } 2142 void win_end(void) ... 2165 gmap = NULL; After mincicom reaches this line, sending a TSTP signal will trigger the following: 108 static void shjump(int dummy /* __attribute__((unused)) */) ... 116 wreturn(); 692 void wreturn(void) ... 716 e = gmap; 717 for (y = 0; y <LINES; y++) { 718 for(x = 0; x < COLS; x++) { 719 _write(e->value, -1, x, y, e->attr, e->color); And here the NULL pointer e is dereferenced. Version-Release number of selected component (if applicable): minicom-2.2-1.fc6 Additional info: The attached patch tries to address the issue by deregistering custom signal handlers before cleaning up structures used by minicom and adds an extra safety check to SIGTSTP handler (that is "just in case" -- maybe unuseful).