From: Thomas E. Dickey Date: Sun, 27 Feb 2022 01:00:55 +0000 (+0000) Subject: ncurses 6.3 - patch 20220226 X-Git-Tag: v6.4~46 X-Git-Url: https://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff_plain;h=2ef2f5486df4a90e2aa9d7544c79b42bca961066 ncurses 6.3 - patch 20220226 + fix issues found with coverity: + rewrite canonical_name() function of infocmp to ensure buffer size + corrected use of original tty-modes in tput init/reset subcommands + modify tabs program to limit tab-stop values to max-columns + add limit-checks for palette rgb values in test/ncurses.c + add a few null-pointer checks to help with static-analysis. + enforce limit on number of soft-keys used in c++ binding. + adjust a buffer-limit in write_entry.c to quiet a bogus warning from gcc 12.0.1 --- diff --git a/NEWS b/NEWS index fdcd6760..68ee00e4 100644 --- a/NEWS +++ b/NEWS @@ -26,7 +26,7 @@ -- sale, use or other dealings in this Software without prior written -- -- authorization. -- ------------------------------------------------------------------------------- --- $Id: NEWS,v 1.3780 2022/02/20 00:40:32 tom Exp $ +-- $Id: NEWS,v 1.3782 2022/02/26 23:50:53 tom Exp $ ------------------------------------------------------------------------------- This is a log of changes that ncurses has gone through since Zeyd started @@ -46,6 +46,17 @@ See the AUTHORS file for the corresponding full names. Changes through 1.9.9e did not credit all contributions; it is not possible to add this information. +20220226 + + fix issues found with coverity: + + rewrite canonical_name() function of infocmp to ensure buffer size + + corrected use of original tty-modes in tput init/reset subcommands + + modify tabs program to limit tab-stop values to max-columns + + add limit-checks for palette rgb values in test/ncurses.c + + add a few null-pointer checks to help with static-analysis. + + enforce limit on number of soft-keys used in c++ binding. + + adjust a buffer-limit in write_entry.c to quiet a bogus warning from + gcc 12.0.1 + 20220219 + expanded description in man/resizeterm.3x + additional workaround for ImageMagick in test/picsmap.c diff --git a/VERSION b/VERSION index a18db848..1b5a4fdc 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5:0:10 6.3 20220219 +5:0:10 6.3 20220226 diff --git a/c++/cursslk.cc b/c++/cursslk.cc index 9922163c..b0dd4ab0 100644 --- a/c++/cursslk.cc +++ b/c++/cursslk.cc @@ -1,6 +1,6 @@ // * this is for making emacs happy: -*-Mode: C++;-*- /**************************************************************************** - * Copyright 2019,2020 Thomas E. Dickey * + * Copyright 2019-2020,2022 Thomas E. Dickey * * Copyright 1998-2005,2012 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -36,7 +36,7 @@ #include "cursslk.h" #include "cursesapp.h" -MODULE_ID("$Id: cursslk.cc,v 1.19 2020/07/18 19:57:11 anonymous.maarten Exp $") +MODULE_ID("$Id: cursslk.cc,v 1.20 2022/02/26 17:57:23 tom Exp $") Soft_Label_Key_Set::Soft_Label_Key& Soft_Label_Key_Set::Soft_Label_Key::operator=(char *text) @@ -56,6 +56,8 @@ Soft_Label_Key_Set::Label_Layout void Soft_Label_Key_Set::init() { + if (num_labels > 12) + num_labels = 12; slk_array = new Soft_Label_Key[num_labels]; for(int i=0; i < num_labels; i++) { slk_array[i].num = i+1; diff --git a/dist.mk b/dist.mk index daffca71..3c653a86 100644 --- a/dist.mk +++ b/dist.mk @@ -26,7 +26,7 @@ # use or other dealings in this Software without prior written # # authorization. # ############################################################################## -# $Id: dist.mk,v 1.1467 2022/02/19 12:13:47 tom Exp $ +# $Id: dist.mk,v 1.1468 2022/02/26 12:23:15 tom Exp $ # Makefile for creating ncurses distributions. # # This only needs to be used directly as a makefile by developers, but @@ -38,7 +38,7 @@ SHELL = /bin/sh # These define the major/minor/patch versions of ncurses. NCURSES_MAJOR = 6 NCURSES_MINOR = 3 -NCURSES_PATCH = 20220219 +NCURSES_PATCH = 20220226 # We don't append the patch to the version, since this only applies to releases VERSION = $(NCURSES_MAJOR).$(NCURSES_MINOR) diff --git a/ncurses/tinfo/alloc_entry.c b/ncurses/tinfo/alloc_entry.c index c13f86ee..0bc93942 100644 --- a/ncurses/tinfo/alloc_entry.c +++ b/ncurses/tinfo/alloc_entry.c @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2018-2020,2021 Thomas E. Dickey * + * Copyright 2018-2021,2022 Thomas E. Dickey * * Copyright 1998-2013,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -48,7 +48,7 @@ #include -MODULE_ID("$Id: alloc_entry.c,v 1.66 2021/08/08 00:09:37 tom Exp $") +MODULE_ID("$Id: alloc_entry.c,v 1.68 2022/02/26 22:19:31 tom Exp $") #define ABSENT_OFFSET -1 #define CANCELLED_OFFSET -2 @@ -62,16 +62,18 @@ NCURSES_EXPORT(void) _nc_init_entry(ENTRY * const tp) /* initialize a terminal type data block */ { + if (tp == NULL) { #if NO_LEAKS - if (tp == 0) { - if (stringbuf != 0) { + if (stringbuf != NULL) { FreeAndNull(stringbuf); } return; - } +#else + _nc_err_abort("_nc_init_entry called without initialization"); #endif + } - if (stringbuf == 0) + if (stringbuf == NULL) TYPE_MALLOC(char, (size_t) MAX_STRTAB, stringbuf); next_free = 0; @@ -84,7 +86,7 @@ _nc_copy_entry(ENTRY * oldp) { ENTRY *newp = typeCalloc(ENTRY, 1); - if (newp != 0) { + if (newp != NULL) { *newp = *oldp; _nc_copy_termtype2(&(newp->tterm), &(oldp->tterm)); } @@ -99,26 +101,28 @@ _nc_save_str(const char *string) size_t old_next_free = next_free; size_t len; - if (!VALID_STRING(string)) - string = ""; - len = strlen(string) + 1; - - if (len == 1 && next_free != 0) { - /* - * Cheat a little by making an empty string point to the end of the - * previous string. - */ - if (next_free < MAX_STRTAB) { - result = (stringbuf + next_free - 1); + if (stringbuf != NULL) { + if (!VALID_STRING(string)) + string = ""; + len = strlen(string) + 1; + + if (len == 1 && next_free != 0) { + /* + * Cheat a little by making an empty string point to the end of the + * previous string. + */ + if (next_free < MAX_STRTAB) { + result = (stringbuf + next_free - 1); + } + } else if (next_free + len < MAX_STRTAB) { + _nc_STRCPY(&stringbuf[next_free], string, MAX_STRTAB); + DEBUG(7, ("Saved string %s", _nc_visbuf(string))); + DEBUG(7, ("at location %d", (int) next_free)); + next_free += len; + result = (stringbuf + old_next_free); + } else { + _nc_warning("Too much data, some is lost: %s", string); } - } else if (next_free + len < MAX_STRTAB) { - _nc_STRCPY(&stringbuf[next_free], string, MAX_STRTAB); - DEBUG(7, ("Saved string %s", _nc_visbuf(string))); - DEBUG(7, ("at location %d", (int) next_free)); - next_free += len; - result = (stringbuf + old_next_free); - } else { - _nc_warning("Too much data, some is lost: %s", string); } return result; } @@ -130,9 +134,14 @@ _nc_wrap_entry(ENTRY * const ep, bool copy_strings) int offsets[MAX_ENTRY_SIZE / sizeof(short)]; int useoffsets[MAX_USES]; unsigned i, n; - unsigned nuses = ep->nuses; - TERMTYPE2 *tp = &(ep->tterm); + unsigned nuses; + TERMTYPE2 *tp; + + if (ep == NULL || stringbuf == NULL) + _nc_err_abort("_nc_wrap_entry called without initialization"); + nuses = ep->nuses; + tp = &(ep->tterm); if (copy_strings) { next_free = 0; /* clear static storage */ @@ -294,7 +303,7 @@ _nc_merge_entry(ENTRY * const target, ENTRY * const source) NCURSES_EXPORT(void) _nc_alloc_entry_leaks(void) { - if (stringbuf != 0) { + if (stringbuf != NULL) { FreeAndNull(stringbuf); } next_free = 0; diff --git a/ncurses/tinfo/write_entry.c b/ncurses/tinfo/write_entry.c index cab47570..05fea946 100644 --- a/ncurses/tinfo/write_entry.c +++ b/ncurses/tinfo/write_entry.c @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2018-2020,2021 Thomas E. Dickey * + * Copyright 2018-2021,2022 Thomas E. Dickey * * Copyright 1998-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -51,7 +51,7 @@ #define TRACE_NUM(n) /* nothing */ #endif -MODULE_ID("$Id: write_entry.c,v 1.118 2021/08/15 20:07:11 tom Exp $") +MODULE_ID("$Id: write_entry.c,v 1.119 2022/02/26 20:59:58 tom Exp $") static int total_written; static int total_parts; @@ -145,7 +145,7 @@ make_db_path(char *dst, const char *src, size_t limit) rc = 0; } } else { - if (strlen(top) + strlen(src) + 2 <= limit) { + if ((strlen(top) + strlen(src) + 6) <= limit) { _nc_SPRINTF(dst, _nc_SLIMIT(limit) "%s/%s", top, src); rc = 0; } diff --git a/package/debian-mingw/changelog b/package/debian-mingw/changelog index 7add8c30..abab0a0e 100644 --- a/package/debian-mingw/changelog +++ b/package/debian-mingw/changelog @@ -1,8 +1,8 @@ -ncurses6 (6.3+20220219) unstable; urgency=low +ncurses6 (6.3+20220226) unstable; urgency=low * latest weekly patch - -- Thomas E. Dickey Sat, 19 Feb 2022 07:13:47 -0500 + -- Thomas E. Dickey Sat, 26 Feb 2022 07:23:15 -0500 ncurses6 (5.9-20131005) unstable; urgency=low diff --git a/package/debian-mingw64/changelog b/package/debian-mingw64/changelog index 7add8c30..abab0a0e 100644 --- a/package/debian-mingw64/changelog +++ b/package/debian-mingw64/changelog @@ -1,8 +1,8 @@ -ncurses6 (6.3+20220219) unstable; urgency=low +ncurses6 (6.3+20220226) unstable; urgency=low * latest weekly patch - -- Thomas E. Dickey Sat, 19 Feb 2022 07:13:47 -0500 + -- Thomas E. Dickey Sat, 26 Feb 2022 07:23:15 -0500 ncurses6 (5.9-20131005) unstable; urgency=low diff --git a/package/debian/changelog b/package/debian/changelog index 61628fe4..ef72f2f3 100644 --- a/package/debian/changelog +++ b/package/debian/changelog @@ -1,8 +1,8 @@ -ncurses6 (6.3+20220219) unstable; urgency=low +ncurses6 (6.3+20220226) unstable; urgency=low * latest weekly patch - -- Thomas E. Dickey Sat, 19 Feb 2022 07:13:47 -0500 + -- Thomas E. Dickey Sat, 26 Feb 2022 07:23:15 -0500 ncurses6 (5.9-20120608) unstable; urgency=low diff --git a/package/mingw-ncurses.nsi b/package/mingw-ncurses.nsi index 04d35fc3..09cca7d3 100644 --- a/package/mingw-ncurses.nsi +++ b/package/mingw-ncurses.nsi @@ -1,4 +1,4 @@ -; $Id: mingw-ncurses.nsi,v 1.507 2022/02/19 12:13:47 tom Exp $ +; $Id: mingw-ncurses.nsi,v 1.508 2022/02/26 12:23:15 tom Exp $ ; TODO add examples ; TODO bump ABI to 6 @@ -10,7 +10,7 @@ !define VERSION_MAJOR "6" !define VERSION_MINOR "3" !define VERSION_YYYY "2022" -!define VERSION_MMDD "0219" +!define VERSION_MMDD "0226" !define VERSION_PATCH ${VERSION_YYYY}${VERSION_MMDD} !define MY_ABI "5" diff --git a/package/mingw-ncurses.spec b/package/mingw-ncurses.spec index 7403aed9..f904d9a8 100644 --- a/package/mingw-ncurses.spec +++ b/package/mingw-ncurses.spec @@ -3,7 +3,7 @@ Summary: shared libraries for terminal handling Name: mingw32-ncurses6 Version: 6.3 -Release: 20220219 +Release: 20220226 License: X11 Group: Development/Libraries Source: ncurses-%{version}-%{release}.tgz diff --git a/package/ncurses.spec b/package/ncurses.spec index 71d106db..95314868 100644 --- a/package/ncurses.spec +++ b/package/ncurses.spec @@ -1,7 +1,7 @@ Summary: shared libraries for terminal handling Name: ncurses6 Version: 6.3 -Release: 20220219 +Release: 20220226 License: X11 Group: Development/Libraries Source: ncurses-%{version}-%{release}.tgz diff --git a/package/ncursest.spec b/package/ncursest.spec index f707476a..2367c2e1 100644 --- a/package/ncursest.spec +++ b/package/ncursest.spec @@ -1,7 +1,7 @@ Summary: Curses library with POSIX thread support. Name: ncursest6 Version: 6.3 -Release: 20220219 +Release: 20220226 License: X11 Group: Development/Libraries Source: ncurses-%{version}-%{release}.tgz diff --git a/progs/infocmp.c b/progs/infocmp.c index d98c6760..d2f5eabe 100644 --- a/progs/infocmp.c +++ b/progs/infocmp.c @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2020,2021 Thomas E. Dickey * + * Copyright 2020-2021,2022 Thomas E. Dickey * * Copyright 1998-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -43,7 +43,7 @@ #include -MODULE_ID("$Id: infocmp.c,v 1.151 2021/06/17 21:11:08 tom Exp $") +MODULE_ID("$Id: infocmp.c,v 1.152 2022/02/26 23:25:55 tom Exp $") #define MAX_STRING 1024 /* maximum formatted string */ @@ -125,16 +125,20 @@ failed(const char *s) } static char * -canonical_name(char *ptr, char *buf) +canonical_name(char *source, char *target) /* extract the terminal type's primary name */ { - char *bp; + int limit = NAMESIZE; - _nc_STRCPY(buf, ptr, NAMESIZE); - if ((bp = strchr(buf, '|')) != 0) - *bp = '\0'; + while (--limit > 0) { + char ch = *source++; + if (ch == '|') + break; + *target++ = ch; + } + *target = '\0'; - return (buf); + return (target); } static bool diff --git a/progs/tabs.c b/progs/tabs.c index 02de31c6..7378d116 100644 --- a/progs/tabs.c +++ b/progs/tabs.c @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2020,2021 Thomas E. Dickey * + * Copyright 2020-2021,2022 Thomas E. Dickey * * Copyright 2008-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -39,7 +39,7 @@ #include #include -MODULE_ID("$Id: tabs.c,v 1.50 2021/10/10 00:54:41 tom Exp $") +MODULE_ID("$Id: tabs.c,v 1.51 2022/02/26 22:44:44 tom Exp $") static GCC_NORETURN void usage(void); @@ -128,7 +128,7 @@ decode_tabs(const char *tab_list, int margin) int prior = 0; int ch; - if (result == 0) + if (result == NULL) failed("decode_tabs"); if (margin < 0) @@ -138,6 +138,8 @@ decode_tabs(const char *tab_list, int margin) if (isdigit(UChar(ch))) { value *= 10; value += (ch - '0'); + if (value > max_cols) + value = max_cols; } else if (ch == ',') { result[n] = value + prior + margin; if (n > 0 && result[n] <= result[n - 1]) { diff --git a/progs/tput.c b/progs/tput.c index 8ac478e6..4cd0c5ba 100644 --- a/progs/tput.c +++ b/progs/tput.c @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2018-2020,2021 Thomas E. Dickey * + * Copyright 2018-2021,2022 Thomas E. Dickey * * Copyright 1998-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -47,7 +47,7 @@ #include #include -MODULE_ID("$Id: tput.c,v 1.97 2021/10/02 18:09:23 tom Exp $") +MODULE_ID("$Id: tput.c,v 1.99 2022/02/26 23:19:31 tom Exp $") #define PUTS(s) fputs(s, stdout) @@ -160,7 +160,7 @@ tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used) name = check_aliases(argv[0], FALSE); *used = 1; if (is_reset || is_init) { - TTY oldmode; + TTY oldmode = *settings; int terasechar = -1; /* new erase character */ int intrchar = -1; /* new interrupt character */ @@ -180,6 +180,7 @@ tput_cmd(int fd, TTY * settings, bool opt_x, int argc, char **argv, int *used) #endif set_control_chars(settings, terasechar, intrchar, tkillchar); set_conversions(settings); + if (send_init_strings(fd, &oldmode)) { reset_flush(); } @@ -336,6 +337,7 @@ main(int argc, char **argv) int result = 0; int fd; int used; + TTY old_settings; TTY tty_settings; bool opt_x = FALSE; /* clear scrollback if possible */ bool is_alias; @@ -391,6 +393,7 @@ main(int argc, char **argv) quit(ErrUsage, "No value for $TERM and no -T specified"); fd = save_tty_settings(&tty_settings, need_tty); + old_settings = tty_settings; if (setupterm(term, fd, &errret) != OK && errret <= 0) quit(ErrTermType, "unknown terminal \"%s\"", term); @@ -400,6 +403,7 @@ main(int argc, char **argv) if ((argc <= 0) && !is_alias) usage(NULL); while (argc > 0) { + tty_settings = old_settings; code = tput_cmd(fd, &tty_settings, opt_x, argc, argv, &used); if (code != 0) break; @@ -433,7 +437,9 @@ main(int argc, char **argv) argnow = argvec; while (argnum > 0) { - int code = tput_cmd(fd, &tty_settings, opt_x, argnum, argnow, &used); + int code; + tty_settings = old_settings; + code = tput_cmd(fd, &tty_settings, opt_x, argnum, argnow, &used); if (code != 0) { if (result == 0) result = ErrSystem(0); /* will return value >4 */ diff --git a/test/ncurses.c b/test/ncurses.c index c387b0a1..2aa78b22 100644 --- a/test/ncurses.c +++ b/test/ncurses.c @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2018-2020,2021 Thomas E. Dickey * + * Copyright 2018-2021,2022 Thomas E. Dickey * * Copyright 1998-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -41,7 +41,7 @@ AUTHOR Author: Eric S. Raymond 1993 Thomas E. Dickey (beginning revision 1.27 in 1996). -$Id: ncurses.c,v 1.527 2021/09/04 10:31:03 tom Exp $ +$Id: ncurses.c,v 1.528 2022/02/26 22:41:02 tom Exp $ ***************************************************************************/ @@ -2885,6 +2885,10 @@ init_all_colors(bool xterm_colors, char *palette_file) while (fgets(buffer, sizeof(buffer), fp) != 0) { if (sscanf(buffer, "scale:%d", &c) == 1) { scale = c; + if (scale < 100) + scale = 100; + if (scale > 1000) + scale = 1000; } else if (sscanf(buffer, "%d:%d %d %d", &c, &red,