[BRLTTY] Crash of BRLTTY in X session

Samuel Thibault samuel.thibault at ens-lyon.org
Sun Jan 26 23:21:17 UTC 2025 

Hello,

Sebastian Humenda, le jeu. 09 janv. 2025 18:05:13 +0100, a ecrit:
> I took the packaging of BRLTTY 6.7-8 (a few weeks back). The crashes
> got more frequent.

Oops.

Actually, looking at the code again, and checking the libasan code, the
glob bug is in libasan which doesn't actually cope with GLOB_DOOFFS.

Could you try the attached patch instead? It should avoid the libasan
bug.

Samuel
-------------- next part --------------
diff --git a/Programs/menu.c b/Programs/menu.c
index a1a91ec35..659da0037 100644
--- a/Programs/menu.c
+++ b/Programs/menu.c
@@ -60,6 +60,7 @@ typedef struct {
 
 #if defined(HAVE_GLOB)
   glob_t glob;
+  char **copy;
 #elif defined(__MINGW32__)
   char **names;
   int offset;
@@ -559,17 +560,15 @@ beginItem_files (MenuItem *item) {
       if (chdir(files->directory) != -1) {
 #if defined(HAVE_GLOB)
         memset(&files->glob, 0, sizeof(files->glob));
-        files->glob.gl_offs = files->count;
 
-        if (glob(files->pattern, GLOB_DOOFFS, NULL, &files->glob) == 0) {
-          files->paths = files->glob.gl_pathv;
-
-          /* The behaviour of gl_pathc is inconsistent. Some implementations
-           * include the leading NULL pointers and some don't. Let's just
-           * figure it out the hard way by finding the trailing NULL.
-           */
-          while (files->paths[files->count]) files->count += 1;
+        if (glob(files->pattern, 0, NULL, &files->glob) == 0) {
+          files->copy = malloc((index + files->glob.gl_pathc + 1) * sizeof(*files->paths));
+          memcpy(files->copy + index, files->glob.gl_pathv, (files->glob.gl_pathc + 1) * sizeof(*files->paths));
+          files->count += files->glob.gl_pathc;
+          files->paths = files->copy;
         }
+        else
+          files->copy = NULL;
 #elif defined(__MINGW32__)
         struct _finddata_t findData;
         long findHandle = _findfirst(files->pattern, &findData);
@@ -656,7 +655,7 @@ endItem_files (MenuItem *item, int deallocating) {
 
 #if defined(HAVE_GLOB)
   if (files->glob.gl_pathc) {
-    for (int i=0; i<files->glob.gl_offs; i+=1) files->glob.gl_pathv[i] = NULL;
+    free(files->copy);
     globfree(&files->glob);
     files->glob.gl_pathc = 0;
   }

More information about the BRLTTY mailing list