small bug in more
morgan at UCI-750A.ARPA
Tue Aug 28 17:17:18 AEST 1984
From: Tim Morgan <morgan at UCI-750A.ARPA>
Description:
In more, the routine initterm() is called to initialize the
terminal capabilities which are used subsequently. It uses
a buffer called "clearbuf" of 100 bytes to store the capability
strings into, using the termcap(3) routines (e.g., tgetstr(3)).
But since clearbuf is local to initterm(), when that routine
exits, clearbuf and the pointers to the capability strings stored
within it can be overwritten by other routines.
Normally more works because just before clearbuf is another
array called "buf" which is 1024 bytes long. Thus clearbuf is
high enough (or low enough, depending on how you look at it)
on the stack that it avoids being trashed.
Repeat-By:
Modify more so that some routine uses (writes on) more than 1024 bytes
of space on the stack. More will no longer correctly do things
like clear the screen or change to or from inverse video.
Fix:
Change the declaration of "clearbuf" in initterm() from
char clearbuf[100];
to
static char clearbuf[100];
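To show the shape of the defect and of the fix in runnable form, here is an added C example that is not from more's source: fake_tgetstr is a constructed stand-in for tgetstr(3) backed by a constructed three-entry capability table, and stack_hog stands in for the stack-hungry routine the Repeat-By describes.

```c
#include <string.h>

/* Constructed stand-in for termcap's tgetstr(3): copies the capability
 * string into *area and advances *area, as the real routine does. */
static const char *cap_table[][2] = {
    { "cl", "\033[H\033[2J" }, { "so", "\033[7m" }, { "se", "\033[27m" },
};

static char *fake_tgetstr(const char *id, char **area)
{
    for (size_t i = 0; i < sizeof cap_table / sizeof cap_table[0]; i++)
        if (strcmp(cap_table[i][0], id) == 0) {
            char *p = strcpy(*area, cap_table[i][1]);
            *area += strlen(p) + 1;
            return p;
        }
    return NULL;
}

char *Clear, *SO, *SE; /* capability pointers kept for later use, as more(1) keeps them */

static void load_caps(char *area)
{
    Clear = fake_tgetstr("cl", &area);
    SO = fake_tgetstr("so", &area);
    SE = fake_tgetstr("se", &area);
}

/* Shape of the bug in the report: the strings live in a local array, so the
 * three pointers dangle once initterm_buggy() returns. Reading them later is
 * undefined behaviour; ASan's detect_stack_use_after_return=1 reports it. */
void initterm_buggy(void) { char clearbuf[100]; load_caps(clearbuf); }

/* The fix from the report: static storage outlives the call. */
void initterm_fixed(void) { static char clearbuf[100]; load_caps(clearbuf); }

/* Stand-in for "some routine that writes more than 1024 bytes of stack". */
void stack_hog(void)
{
    volatile char big[2048];
    for (size_t i = 0; i < sizeof big; i++) big[i] = 'X';
}

/* 1 if the saved capability strings still match the table after stack_hog(). */
int caps_intact(void)
{
    stack_hog();
    return strcmp(Clear, "\033[H\033[2J") == 0 && strcmp(SO, "\033[7m") == 0 &&
           strcmp(SE, "\033[27m") == 0;
}
```

Only the fixed variant is checked, since reading through the dangling pointers left by initterm_buggy() has no defined result to assert on.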