From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tyan0@sourceware.org>
Received: by sourceware.org (Postfix, from userid 7868)
 id B46933858429; Fri, 29 Jul 2022 12:59:43 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B46933858429
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Takashi Yano <tyan0@sourceware.org>
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin] Cygwin: console: Avoid accessing NULL pointer via
 cygheap->ctty.
X-Act-Checkin: newlib-cygwin
X-Git-Author: Takashi Yano <takashi.yano@nifty.ne.jp>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: d4689b99c68628d9ec2fc1ac7884906ddbf6a2fc
X-Git-Newrev: 8d564b62b711bc93850c1b6a8632196abc4768cf
Message-Id: <20220729125943.B46933858429@sourceware.org>
Date: Fri, 29 Jul 2022 12:59:43 +0000 (GMT)
X-BeenThere: cygwin-cvs@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin core component git logs <cygwin-cvs.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-cvs>,
 <mailto:cygwin-cvs-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-cvs/>
List-Help: <mailto:cygwin-cvs-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-cvs>,
 <mailto:cygwin-cvs-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2022 12:59:43 -0000

https://sourceware.org/git/gitweb.cgi?p=3Dnewlib-cygwin.git;h=3D8d564b62b71=
1bc93850c1b6a8632196abc4768cf

commit 8d564b62b711bc93850c1b6a8632196abc4768cf
Author: Takashi Yano <takashi.yano@nifty.ne.jp>
Date:   Fri Jul 29 21:40:18 2022 +0900

    Cygwin: console: Avoid accessing NULL pointer via cygheap->ctty.
   =20
    - Recent commit "Cygwin: console: Add missing input_mutex guard."
      has a problem that causes NULL pointer access if cygheap->ctty
      is NULL. This patch fixes the issue.

Diff:
---
 winsup/cygwin/fhandler.h          |  2 +-
 winsup/cygwin/fhandler_console.cc | 22 ++++++++++++++--------
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/winsup/cygwin/fhandler.h b/winsup/cygwin/fhandler.h
index a12e907ff..e4f1a2d94 100644
--- a/winsup/cygwin/fhandler.h
+++ b/winsup/cygwin/fhandler.h
@@ -2298,7 +2298,7 @@ private:
   static void cleanup_for_non_cygwin_app (handle_set_t *p);
   static void set_console_mode_to_native ();
   bool need_console_handler ();
-  static void set_disable_master_thread (bool x);
+  static void set_disable_master_thread (bool x, fhandler_console *cons =
=3D NULL);
=20
   friend tty_min * tty_list::get_cttyp ();
 };
diff --git a/winsup/cygwin/fhandler_console.cc b/winsup/cygwin/fhandler_con=
sole.cc
index 37262f638..d17f03acf 100644
--- a/winsup/cygwin/fhandler_console.cc
+++ b/winsup/cygwin/fhandler_console.cc
@@ -791,7 +791,7 @@ fhandler_console::setup_for_non_cygwin_app ()
     (get_ttyp ()->getpgid ()=3D=3D myself->pgid) ? tty::native : tty::rest=
ore;
   set_input_mode (conmode, &tc ()->ti, get_handle_set ());
   set_output_mode (conmode, &tc ()->ti, get_handle_set ());
-  set_disable_master_thread (true);
+  set_disable_master_thread (true, this);
 }
=20
 void
@@ -986,7 +986,7 @@ fhandler_console::bg_check (int sig, bool dontsignal)
   if (sig =3D=3D SIGTTIN)
     {
       set_input_mode (tty::cygwin, &tc ()->ti, get_handle_set ());
-      set_disable_master_thread (false);
+      set_disable_master_thread (false, this);
     }
   if (sig =3D=3D SIGTTOU)
     set_output_mode (tty::cygwin, &tc ()->ti, get_handle_set ());
@@ -1721,7 +1721,7 @@ fhandler_console::post_open_setup (int fd)
   if (fd =3D=3D 0)
     {
       set_input_mode (tty::cygwin, &get_ttyp ()->ti, &handle_set);
-      set_disable_master_thread (false);
+      set_disable_master_thread (false, this);
     }
   else if (fd =3D=3D 1 || fd =3D=3D 2)
     set_output_mode (tty::cygwin, &get_ttyp ()->ti, &handle_set);
@@ -1749,7 +1749,7 @@ fhandler_console::close ()
 	  /* Cleaning-up console mode for cygwin apps. */
 	  set_output_mode (tty::restore, &get_ttyp ()->ti, &handle_set);
 	  set_input_mode (tty::restore, &get_ttyp ()->ti, &handle_set);
-	  set_disable_master_thread (true);
+	  set_disable_master_thread (true, this);
 	}
     }
=20
@@ -3975,7 +3975,7 @@ fhandler_console::set_console_mode_to_native ()
 	    termios *cons_ti =3D &cons->tc ()->ti;
 	    set_input_mode (tty::native, cons_ti, cons->get_handle_set ());
 	    set_output_mode (tty::native, cons_ti, cons->get_handle_set ());
-	    set_disable_master_thread (true);
+	    set_disable_master_thread (true, cons);
 	    break;
 	  }
       }
@@ -4321,11 +4321,17 @@ fhandler_console::need_console_handler ()
 }
=20
 void
-fhandler_console::set_disable_master_thread (bool x)
+fhandler_console::set_disable_master_thread (bool x, fhandler_console *con=
s)
 {
-  if (cygheap->ctty->get_major () !=3D DEV_CONS_MAJOR)
+  if (con.disable_master_thread =3D=3D x)
     return;
-  fhandler_console *cons =3D (fhandler_console *) cygheap->ctty;
+  if (cons =3D=3D NULL)
+    {
+      if (cygheap->ctty && cygheap->ctty->get_major () =3D=3D DEV_CONS_MAJ=
OR)
+	cons =3D (fhandler_console *) cygheap->ctty;
+      else
+	return;
+    }
   cons->acquire_input_mutex (mutex_timeout);
   con.disable_master_thread =3D x;
   cons->release_input_mutex ();