classification
Title: getkey() can segfault in combination with curses.ungetch()
Type: crash Stage:
Components: Library (Lib) Versions: Python 3.0, Python 3.1, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: akuchling Nosy List: Trundle, akuchling, georg.brandl, jcsalterego, sebastinas
Priority: normal Keywords: patch

Created on 2009-06-08 20:36 by Trundle, last changed 2010-02-22 17:09 by akuchling. This issue is now closed.

Files
File name Uploaded Description Edit
python_curses_ungetch_getkey.patch Trundle, 2009-06-08 20:36 Patch against trunk which adds return value checking in PyCursesWindow_GetKey()
issue6243-py2.7-cursesmodule.diff jcsalterego, 2009-06-25 06:38 PyCursesWindow_GetKey() retval checking in 2.7 r73552
issue6243-py3.1-cursesmodule.diff jcsalterego, 2009-06-25 06:41 PyCursesWindow_GetKey() retval checking in 3.1 r73552
Messages (8)
msg89111 - (view) Author: Andreas Stührk (Trundle) * Date: 2009-06-08 20:36
Snippet to reproduce:

import curses

scr = curses.initscr()
curses.ungetch(1025)
scr.getkey()

This is because `keyname()` in `PyCursesWindow_GetKey()` returns NULL
which is passed to `PyString_FromString()` then.

The attached patch fixes the segfault.
msg89695 - (view) Author: Jerry Chen (jcsalterego) Date: 2009-06-25 06:24
Verified Bus Error with code snippet in python 2.7 and 3.1 trunks
r73552, e.g.:

(gdb) where
#0  0x925f6f30 in strlen ()
#1  0x0005ea10 in PyString_FromString (str=0x0) at
Objects/stringobject.c:125
#2  0x003c1710 in PyCursesWindow_GetKey (self=0x3320f0, args=0x300030)
at python27/Modules/_cursesmodule.c:891
msg89696 - (view) Author: Jerry Chen (jcsalterego) Date: 2009-06-25 06:33
Trundle's original patch against r73301 still works currently, but I
made a minor tweak and rediff'd.

The attached patch is against 2.7 - r73552.

I added knp usage to the NetBSD #ifdef region so a) the compiler doesn't
complain about unused 'knp' on NetBSD and b) for parallelism.  The
alternative solution was to put the declaration of *knp within the
conditional block but that doesn't seem to adhere to the rest of the
module code.
msg89697 - (view) Author: Jerry Chen (jcsalterego) Date: 2009-06-25 06:38
Sorry -- bad patch, uploading correct one.
msg89698 - (view) Author: Jerry Chen (jcsalterego) Date: 2009-06-25 06:41
Another patch for the same code change but against the 3.1 branch.
msg92013 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2009-08-27 19:57
Andrew - do you still feel responsible for curses?
msg93147 - (view) Author: A.M. Kuchling (akuchling) * (Python committer) Date: 2009-09-25 22:25
Thanks for the bug report and for the fix; 
committed to trunk in rev. 75066.  I modified the patch
slightly to declare the 'knp' variable in the 'else'
block, and both the unctrl()/keyname() sections use the variable.
msg99788 - (view) Author: A.M. Kuchling (akuchling) * (Python committer) Date: 2010-02-22 17:09
Backported to 2.6-maint in commit 78324.
History
Date User Action Args
2010-02-22 17:09:06akuchlingsetstatus: open -> closed
resolution: fixed
messages: + msg99788
2009-09-25 22:25:10akuchlingsetmessages: + msg93147
2009-08-27 19:57:25georg.brandlsetassignee: akuchling

messages: + msg92013
nosy: + georg.brandl, akuchling
2009-06-25 06:41:17jcsalteregosetfiles: + issue6243-py3.1-cursesmodule.diff

messages: + msg89698
versions: + Python 3.0, Python 3.1
2009-06-25 06:38:43jcsalteregosetfiles: + issue6243-py2.7-cursesmodule.diff

messages: + msg89697
2009-06-25 06:36:30jcsalteregosetfiles: - issue6243-py2.7-cursesmodule.diff
2009-06-25 06:33:38jcsalteregosetfiles: + issue6243-py2.7-cursesmodule.diff

messages: + msg89696
2009-06-25 06:24:30jcsalteregosetnosy: + jcsalterego
messages: + msg89695
2009-06-08 20:54:53sebastinassetnosy: + sebastinas
2009-06-08 20:36:12Trundlecreate