# ncurses 6.3 - patch 20220226 - Thomas E. Dickey # # ------------------------------------------------------------------------------ # # Ncurses 6.3 is at # ftp://ftp.invisible-island.net/ncurses/ # https://invisible-mirror.net/archives/ncurses/ # https://ftp.gnu.org/gnu/ncurses/ # # Patches for ncurses 6.3 can be found at # ftp://ftp.invisible-island.net/ncurses/6.3 # https://invisible-mirror.net/archives/ncurses/6.3 # # ------------------------------------------------------------------------------ # ftp://ftp.invisible-island.net/ncurses/6.3/ncurses-6.3-20220226.patch.gz # patch by Thomas E. Dickey # created Sun Feb 27 01:00:55 UTC 2022 # ------------------------------------------------------------------------------ # NEWS | 13 ++++++- # VERSION | 2 - # c++/cursslk.cc | 6 ++- # dist.mk | 4 +- # ncurses/tinfo/alloc_entry.c | 67 ++++++++++++++++++++----------------- # ncurses/tinfo/write_entry.c | 6 +-- # package/debian-mingw/changelog | 4 +- # package/debian-mingw64/changelog | 4 +- # package/debian/changelog | 4 +- # package/mingw-ncurses.nsi | 4 +- # package/mingw-ncurses.spec | 2 - # package/ncurses.spec | 2 - # package/ncursest.spec | 2 - # progs/infocmp.c | 20 ++++++----- # progs/tabs.c | 8 ++-- # progs/tput.c | 14 +++++-- # test/ncurses.c | 8 +++- # 17 files changed, 104 insertions(+), 66 deletions(-) # ------------------------------------------------------------------------------ Index: NEWS Prereq: 1.3780 --- ncurses-6.3-20220219+/NEWS 2022-02-20 00:40:32.000000000 +0000 +++ ncurses-6.3-20220226/NEWS 2022-02-26 23:50:53.000000000 +0000 @@ -26,7 +26,7 @@ -- sale, use or other dealings in this Software without prior written -- -- authorization. -- ------------------------------------------------------------------------------- --- $Id: NEWS,v 1.3780 2022/02/20 00:40:32 tom Exp $ +-- $Id: NEWS,v 1.3782 2022/02/26 23:50:53 tom Exp $ ------------------------------------------------------------------------------- This is a log of changes that ncurses has gone through since Zeyd started @@ -46,6 +46,17 @@ Changes through 1.9.9e did not credit all contributions; it is not possible to add this information. +20220226 + + fix issues found with coverity: + + rewrite canonical_name() function of infocmp to ensure buffer size + + corrected use of original tty-modes in tput init/reset subcommands + + modify tabs program to limit tab-stop values to max-columns + + add limit-checks for palette rgb values in test/ncurses.c + + add a few null-pointer checks to help with static-analysis. + + enforce limit on number of soft-keys used in c++ binding. + + adjust a buffer-limit in write_entry.c to quiet a bogus warning from + gcc 12.0.1 + 20220219 + expanded description in man/resizeterm.3x + additional workaround for ImageMagick in test/picsmap.c Index: VERSION --- ncurses-6.3-20220219+/VERSION 2022-02-19 12:13:47.000000000 +0000 +++ ncurses-6.3-20220226/VERSION 2022-02-26 12:23:15.000000000 +0000 @@ -1 +1 @@ -5:0:10 6.3 20220219 +5:0:10 6.3 20220226 Index: c++/cursslk.cc Prereq: 1.19 --- ncurses-6.3-20220219+/c++/cursslk.cc 2020-07-18 19:57:11.000000000 +0000 +++ ncurses-6.3-20220226/c++/cursslk.cc 2022-02-26 17:57:23.000000000 +0000 @@ -1,6 +1,6 @@ // * this is for making emacs happy: -*-Mode: C++;-*- /**************************************************************************** - * Copyright 2019,2020 Thomas E. Dickey * + * Copyright 2019-2020,2022 Thomas E. Dickey * * Copyright 1998-2005,2012 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -36,7 +36,7 @@ #include "cursslk.h" #include "cursesapp.h" -MODULE_ID("$Id: cursslk.cc,v 1.19 2020/07/18 19:57:11 anonymous.maarten Exp $") +MODULE_ID("$Id: cursslk.cc,v 1.20 2022/02/26 17:57:23 tom Exp $") Soft_Label_Key_Set::Soft_Label_Key& Soft_Label_Key_Set::Soft_Label_Key::operator=(char *text) @@ -56,6 +56,8 @@ void Soft_Label_Key_Set::init() { + if (num_labels > 12) + num_labels = 12; slk_array = new Soft_Label_Key[num_labels]; for(int i=0; i < num_labels; i++) { slk_array[i].num = i+1; Index: dist.mk Prereq: 1.1467 --- ncurses-6.3-20220219+/dist.mk 2022-02-19 12:13:47.000000000 +0000 +++ ncurses-6.3-20220226/dist.mk 2022-02-26 12:23:15.000000000 +0000 @@ -26,7 +26,7 @@ # use or other dealings in this Software without prior written # # authorization. # ############################################################################## -# $Id: dist.mk,v 1.1467 2022/02/19 12:13:47 tom Exp $ +# $Id: dist.mk,v 1.1468 2022/02/26 12:23:15 tom Exp $ # Makefile for creating ncurses distributions. # # This only needs to be used directly as a makefile by developers, but @@ -38,7 +38,7 @@ # These define the major/minor/patch versions of ncurses. NCURSES_MAJOR = 6 NCURSES_MINOR = 3 -NCURSES_PATCH = 20220219 +NCURSES_PATCH = 20220226 # We don't append the patch to the version, since this only applies to releases VERSION = $(NCURSES_MAJOR).$(NCURSES_MINOR) Index: ncurses/tinfo/alloc_entry.c Prereq: 1.66 --- ncurses-6.3-20220219+/ncurses/tinfo/alloc_entry.c 2021-08-08 00:09:37.000000000 +0000 +++ ncurses-6.3-20220226/ncurses/tinfo/alloc_entry.c 2022-02-26 22:19:31.000000000 +0000 @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2018-2020,2021 Thomas E. Dickey * + * Copyright 2018-2021,2022 Thomas E. Dickey * * Copyright 1998-2013,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -48,7 +48,7 @@ #include -MODULE_ID("$Id: alloc_entry.c,v 1.66 2021/08/08 00:09:37 tom Exp $") +MODULE_ID("$Id: alloc_entry.c,v 1.68 2022/02/26 22:19:31 tom Exp $") #define ABSENT_OFFSET -1 #define CANCELLED_OFFSET -2 @@ -62,16 +62,18 @@ _nc_init_entry(ENTRY * const tp) /* initialize a terminal type data block */ { + if (tp == NULL) { #if NO_LEAKS - if (tp == 0) { - if (stringbuf != 0) { + if (stringbuf != NULL) { FreeAndNull(stringbuf); } return; - } +#else + _nc_err_abort("_nc_init_entry called without initialization"); #endif + } - if (stringbuf == 0) + if (stringbuf == NULL) TYPE_MALLOC(char, (size_t) MAX_STRTAB, stringbuf); next_free = 0; @@ -84,7 +86,7 @@ { ENTRY *newp = typeCalloc(ENTRY, 1); - if (newp != 0) { + if (newp != NULL) { *newp = *oldp; _nc_copy_termtype2(&(newp->tterm), &(oldp->tterm)); } @@ -99,26 +101,28 @@ size_t old_next_free = next_free; size_t len; - if (!VALID_STRING(string)) - string = ""; - len = strlen(string) + 1; - - if (len == 1 && next_free != 0) { - /* - * Cheat a little by making an empty string point to the end of the - * previous string. - */ - if (next_free < MAX_STRTAB) { - result = (stringbuf + next_free - 1); + if (stringbuf != NULL) { + if (!VALID_STRING(string)) + string = ""; + len = strlen(string) + 1; + + if (len == 1 && next_free != 0) { + /* + * Cheat a little by making an empty string point to the end of the + * previous string. + */ + if (next_free < MAX_STRTAB) { + result = (stringbuf + next_free - 1); + } + } else if (next_free + len < MAX_STRTAB) { + _nc_STRCPY(&stringbuf[next_free], string, MAX_STRTAB); + DEBUG(7, ("Saved string %s", _nc_visbuf(string))); + DEBUG(7, ("at location %d", (int) next_free)); + next_free += len; + result = (stringbuf + old_next_free); + } else { + _nc_warning("Too much data, some is lost: %s", string); } - } else if (next_free + len < MAX_STRTAB) { - _nc_STRCPY(&stringbuf[next_free], string, MAX_STRTAB); - DEBUG(7, ("Saved string %s", _nc_visbuf(string))); - DEBUG(7, ("at location %d", (int) next_free)); - next_free += len; - result = (stringbuf + old_next_free); - } else { - _nc_warning("Too much data, some is lost: %s", string); } return result; } @@ -130,9 +134,14 @@ int offsets[MAX_ENTRY_SIZE / sizeof(short)]; int useoffsets[MAX_USES]; unsigned i, n; - unsigned nuses = ep->nuses; - TERMTYPE2 *tp = &(ep->tterm); + unsigned nuses; + TERMTYPE2 *tp; + + if (ep == NULL || stringbuf == NULL) + _nc_err_abort("_nc_wrap_entry called without initialization"); + nuses = ep->nuses; + tp = &(ep->tterm); if (copy_strings) { next_free = 0; /* clear static storage */ @@ -294,7 +303,7 @@ NCURSES_EXPORT(void) _nc_alloc_entry_leaks(void) { - if (stringbuf != 0) { + if (stringbuf != NULL) { FreeAndNull(stringbuf); } next_free = 0; Index: ncurses/tinfo/write_entry.c Prereq: 1.118 --- ncurses-6.3-20220219+/ncurses/tinfo/write_entry.c 2021-08-15 20:07:11.000000000 +0000 +++ ncurses-6.3-20220226/ncurses/tinfo/write_entry.c 2022-02-26 20:59:58.000000000 +0000 @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2018-2020,2021 Thomas E. Dickey * + * Copyright 2018-2021,2022 Thomas E. Dickey * * Copyright 1998-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -51,7 +51,7 @@ #define TRACE_NUM(n) /* nothing */ #endif -MODULE_ID("$Id: write_entry.c,v 1.118 2021/08/15 20:07:11 tom Exp $") +MODULE_ID("$Id: write_entry.c,v 1.119 2022/02/26 20:59:58 tom Exp $") static int total_written; static int total_parts; @@ -145,7 +145,7 @@ rc = 0; } } else { - if (strlen(top) + strlen(src) + 2 <= limit) { + if ((strlen(top) + strlen(src) + 6) <= limit) { _nc_SPRINTF(dst, _nc_SLIMIT(limit) "%s/%s", top, src); rc = 0; } Index: package/debian-mingw/changelog --- ncurses-6.3-20220219+/package/debian-mingw/changelog 2022-02-19 12:13:47.000000000 +0000 +++ ncurses-6.3-20220226/package/debian-mingw/changelog 2022-02-26 12:23:15.000000000 +0000 @@ -1,8 +1,8 @@ -ncurses6 (6.3+20220219) unstable; urgency=low +ncurses6 (6.3+20220226) unstable; urgency=low * latest weekly patch - -- Thomas E. Dickey Sat, 19 Feb 2022 07:13:47 -0500 + -- Thomas E. Dickey Sat, 26 Feb 2022 07:23:15 -0500 ncurses6 (5.9-20131005) unstable; urgency=low Index: package/debian-mingw64/changelog --- ncurses-6.3-20220219+/package/debian-mingw64/changelog 2022-02-19 12:13:47.000000000 +0000 +++ ncurses-6.3-20220226/package/debian-mingw64/changelog 2022-02-26 12:23:15.000000000 +0000 @@ -1,8 +1,8 @@ -ncurses6 (6.3+20220219) unstable; urgency=low +ncurses6 (6.3+20220226) unstable; urgency=low * latest weekly patch - -- Thomas E. Dickey Sat, 19 Feb 2022 07:13:47 -0500 + -- Thomas E. Dickey Sat, 26 Feb 2022 07:23:15 -0500 ncurses6 (5.9-20131005) unstable; urgency=low Index: package/debian/changelog --- ncurses-6.3-20220219+/package/debian/changelog 2022-02-19 12:13:47.000000000 +0000 +++ ncurses-6.3-20220226/package/debian/changelog 2022-02-26 12:23:15.000000000 +0000 @@ -1,8 +1,8 @@ -ncurses6 (6.3+20220219) unstable; urgency=low +ncurses6 (6.3+20220226) unstable; urgency=low * latest weekly patch - -- Thomas E. Dickey Sat, 19 Feb 2022 07:13:47 -0500 + -- Thomas E. Dickey Sat, 26 Feb 2022 07:23:15 -0500 ncurses6 (5.9-20120608) unstable; urgency=low Index: package/mingw-ncurses.nsi Prereq: 1.507 --- ncurses-6.3-20220219+/package/mingw-ncurses.nsi 2022-02-19 12:13:47.000000000 +0000 +++ ncurses-6.3-20220226/package/mingw-ncurses.nsi 2022-02-26 12:23:15.000000000 +0000 @@ -1,4 +1,4 @@ -; $Id: mingw-ncurses.nsi,v 1.507 2022/02/19 12:13:47 tom Exp $ +; $Id: mingw-ncurses.nsi,v 1.508 2022/02/26 12:23:15 tom Exp $ ; TODO add examples ; TODO bump ABI to 6 @@ -10,7 +10,7 @@ !define VERSION_MAJOR "6" !define VERSION_MINOR "3" !define VERSION_YYYY "2022" -!define VERSION_MMDD "0219" +!define VERSION_MMDD "0226" !define VERSION_PATCH ${VERSION_YYYY}${VERSION_MMDD} !define MY_ABI "5" Index: package/mingw-ncurses.spec --- ncurses-6.3-20220219+/package/mingw-ncurses.spec 2022-02-19 12:13:47.000000000 +0000 +++ ncurses-6.3-20220226/package/mingw-ncurses.spec 2022-02-26 12:23:15.000000000 +0000 @@ -3,7 +3,7 @@ Summary: shared libraries for terminal handling Name: mingw32-ncurses6 Version: 6.3 -Release: 20220219 +Release: 20220226 License: X11 Group: Development/Libraries Source: ncurses-%{version}-%{release}.tgz Index: package/ncurses.spec --- ncurses-6.3-20220219+/package/ncurses.spec 2022-02-19 12:13:47.000000000 +0000 +++ ncurses-6.3-20220226/package/ncurses.spec 2022-02-26 12:23:15.000000000 +0000 @@ -1,7 +1,7 @@ Summary: shared libraries for terminal handling Name: ncurses6 Version: 6.3 -Release: 20220219 +Release: 20220226 License: X11 Group: Development/Libraries Source: ncurses-%{version}-%{release}.tgz Index: package/ncursest.spec --- ncurses-6.3-20220219+/package/ncursest.spec 2022-02-19 12:13:47.000000000 +0000 +++ ncurses-6.3-20220226/package/ncursest.spec 2022-02-26 12:23:15.000000000 +0000 @@ -1,7 +1,7 @@ Summary: Curses library with POSIX thread support. Name: ncursest6 Version: 6.3 -Release: 20220219 +Release: 20220226 License: X11 Group: Development/Libraries Source: ncurses-%{version}-%{release}.tgz Index: progs/infocmp.c Prereq: 1.151 --- ncurses-6.3-20220219+/progs/infocmp.c 2021-06-17 21:11:08.000000000 +0000 +++ ncurses-6.3-20220226/progs/infocmp.c 2022-02-26 23:25:55.000000000 +0000 @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2020,2021 Thomas E. Dickey * + * Copyright 2020-2021,2022 Thomas E. Dickey * * Copyright 1998-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -43,7 +43,7 @@ #include -MODULE_ID("$Id: infocmp.c,v 1.151 2021/06/17 21:11:08 tom Exp $") +MODULE_ID("$Id: infocmp.c,v 1.152 2022/02/26 23:25:55 tom Exp $") #define MAX_STRING 1024 /* maximum formatted string */ @@ -125,16 +125,20 @@ } static char * -canonical_name(char *ptr, char *buf) +canonical_name(char *source, char *target) /* extract the terminal type's primary name */ { - char *bp; + int limit = NAMESIZE; - _nc_STRCPY(buf, ptr, NAMESIZE); - if ((bp = strchr(buf, '|')) != 0) - *bp = '\0'; + while (--limit > 0) { + char ch = *source++; + if (ch == '|') + break; + *target++ = ch; + } + *target = '\0'; - return (buf); + return (target); } static bool Index: progs/tabs.c Prereq: 1.50 --- ncurses-6.3-20220219+/progs/tabs.c 2021-10-10 00:54:41.000000000 +0000 +++ ncurses-6.3-20220226/progs/tabs.c 2022-02-26 22:44:44.000000000 +0000 @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2020,2021 Thomas E. Dickey * + * Copyright 2020-2021,2022 Thomas E. Dickey * * Copyright 2008-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -39,7 +39,7 @@ #include #include -MODULE_ID("$Id: tabs.c,v 1.50 2021/10/10 00:54:41 tom Exp $") +MODULE_ID("$Id: tabs.c,v 1.51 2022/02/26 22:44:44 tom Exp $") static GCC_NORETURN void usage(void); @@ -128,7 +128,7 @@ int prior = 0; int ch; - if (result == 0) + if (result == NULL) failed("decode_tabs"); if (margin < 0) @@ -138,6 +138,8 @@ if (isdigit(UChar(ch))) { value *= 10; value += (ch - '0'); + if (value > max_cols) + value = max_cols; } else if (ch == ',') { result[n] = value + prior + margin; if (n > 0 && result[n] <= result[n - 1]) { Index: progs/tput.c Prereq: 1.97 --- ncurses-6.3-20220219+/progs/tput.c 2021-10-02 18:09:23.000000000 +0000 +++ ncurses-6.3-20220226/progs/tput.c 2022-02-26 23:19:31.000000000 +0000 @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2018-2020,2021 Thomas E. Dickey * + * Copyright 2018-2021,2022 Thomas E. Dickey * * Copyright 1998-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -47,7 +47,7 @@ #include #include -MODULE_ID("$Id: tput.c,v 1.97 2021/10/02 18:09:23 tom Exp $") +MODULE_ID("$Id: tput.c,v 1.99 2022/02/26 23:19:31 tom Exp $") #define PUTS(s) fputs(s, stdout) @@ -160,7 +160,7 @@ name = check_aliases(argv[0], FALSE); *used = 1; if (is_reset || is_init) { - TTY oldmode; + TTY oldmode = *settings; int terasechar = -1; /* new erase character */ int intrchar = -1; /* new interrupt character */ @@ -180,6 +180,7 @@ #endif set_control_chars(settings, terasechar, intrchar, tkillchar); set_conversions(settings); + if (send_init_strings(fd, &oldmode)) { reset_flush(); } @@ -336,6 +337,7 @@ int result = 0; int fd; int used; + TTY old_settings; TTY tty_settings; bool opt_x = FALSE; /* clear scrollback if possible */ bool is_alias; @@ -391,6 +393,7 @@ quit(ErrUsage, "No value for $TERM and no -T specified"); fd = save_tty_settings(&tty_settings, need_tty); + old_settings = tty_settings; if (setupterm(term, fd, &errret) != OK && errret <= 0) quit(ErrTermType, "unknown terminal \"%s\"", term); @@ -400,6 +403,7 @@ if ((argc <= 0) && !is_alias) usage(NULL); while (argc > 0) { + tty_settings = old_settings; code = tput_cmd(fd, &tty_settings, opt_x, argc, argv, &used); if (code != 0) break; @@ -433,7 +437,9 @@ argnow = argvec; while (argnum > 0) { - int code = tput_cmd(fd, &tty_settings, opt_x, argnum, argnow, &used); + int code; + tty_settings = old_settings; + code = tput_cmd(fd, &tty_settings, opt_x, argnum, argnow, &used); if (code != 0) { if (result == 0) result = ErrSystem(0); /* will return value >4 */ Index: test/ncurses.c Prereq: 1.527 --- ncurses-6.3-20220219+/test/ncurses.c 2021-09-04 10:31:03.000000000 +0000 +++ ncurses-6.3-20220226/test/ncurses.c 2022-02-26 22:41:02.000000000 +0000 @@ -1,5 +1,5 @@ /**************************************************************************** - * Copyright 2018-2020,2021 Thomas E. Dickey * + * Copyright 2018-2021,2022 Thomas E. Dickey * * Copyright 1998-2016,2017 Free Software Foundation, Inc. * * * * Permission is hereby granted, free of charge, to any person obtaining a * @@ -41,7 +41,7 @@ Author: Eric S. Raymond 1993 Thomas E. Dickey (beginning revision 1.27 in 1996). -$Id: ncurses.c,v 1.527 2021/09/04 10:31:03 tom Exp $ +$Id: ncurses.c,v 1.528 2022/02/26 22:41:02 tom Exp $ ***************************************************************************/ @@ -2885,6 +2885,10 @@ while (fgets(buffer, sizeof(buffer), fp) != 0) { if (sscanf(buffer, "scale:%d", &c) == 1) { scale = c; + if (scale < 100) + scale = 100; + if (scale > 1000) + scale = 1000; } else if (sscanf(buffer, "%d:%d %d %d", &c, &red,