gh-151695: Fix use-after-free of the curses screen encoding#151696
Merged
serhiy-storchaka merged 1 commit intoJun 19, 2026
Conversation
The module-global curses_screen_encoding stored a borrowed pointer to the encoding owned by the window returned by the first initscr() call. That window can be deallocated while unctrl() and ungetch(), which have no window of their own, still use the pointer to encode non-ASCII characters. Keep a private copy of the encoding instead. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
serhiy-storchaka
added
needs backport to 3.13
|
Thanks @serhiy-storchaka for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14, 3.15. |
|
Sorry, @serhiy-storchaka, I could not cleanly backport this to |
|
Sorry, @serhiy-storchaka, I could not cleanly backport this to |
|
GH-151703 is a backport of this pull request to the 3.15 branch. |
bedevere-app
Bot
removed
the
needs backport to 3.15
|
GH-151706 is a backport of this pull request to the 3.14 branch. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The module-global
curses_screen_encodingstored a borrowed pointer to theencodingstring owned by the window object that the firstinitscr()call returns. That window object can be deallocated whileunctrl()andungetch()— which have no window of their own — still use the pointer to encode non-ASCII characters, so they end up reading freed memory.This keeps a private copy of the encoding instead, refreshed on every
initscr()and released when the module is torn down.🤖 Generated with Claude Code