segmentation fault inside waddch_literal()
From: Tetsuo Handa
Subject: segmentation fault inside waddch_literal()
Date: Thu, 15 Jul 2021 22:03:01 +0900
User-agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

Hello.
I received a bug report that my program crashes on multiple terminals
including TERM=xterm-256color and TERM=linux .
I tried many tags using https://github.com/ThomasDickey/ncurses-snapshots/ .
In my testing case,
for tag in $list_of_available_tags
do
    # Build and install each snapshot into its own prefix
    git reset --hard $tag && ./configure --prefix=/usr/my-ncurses-$tag \
        --with-shared && make -sj4 && make -s install
    # Run the program against the freshly built library
    LD_LIBRARY_PATH=/usr/my-ncurses-$tag/lib/ /path/to/my/program
done
In the TERM=xterm-256color case,
good v6_1_20190511
bad v6_1_20190518
bad v6_2_20201205
bad v6_2_20210710
In the TERM=linux case,
good v6_1_20181020
bad v6_1_20181027
bad v6_1_20190601
good v6_1_20190609
good v6_2_20201205
good v6_2_20210710
But ncurses-6.2-20201205.1.mga8.x86_64.rpm (in Mageia release 8) which
was built based on v6_2_20201205 fails on TERM=xterm-256color case
and TERM=linux case and TERM=xterm case.
----------------------------------------
%build
export PKG_CONFIG_LIBDIR=%{_libdir}/pkgconfig
ncurses_options="\
--with-shared \
--with-cxx-shared \
--without-normal \
--without-debug \
--enable-overwrite \
--without-profile \
--with-gpm \
--enable-getcap \
--enable-const \
--enable-hard-tabs \
--enable-hash-map \
--enable-no-padding \
--enable-sigwinch \
--without-ada \
--enable-xmc-glitch \
--enable-colorfgbg \
--enable-pc-files \
--with-pkg-config-libdir=%{_libdir}/pkgconfig \
--with-termlib=tinfo \
--with-ticlib=tic \
--disable-tic-depends \
--with-ospeed=unsigned \
--with-xterm-kbs=DEL \
--disable-stripping \
"
for abi in 5 6; do
for width in normal utf8; do
mkdir ncurses${abi}-${width}
pushd ncurses${abi}-${width}
CONFIGURE_TOP=..
%configure \
$( echo $ncurses_options --with-abi-version=$abi
[ $abi = 5 ] && echo --with-chtype=long
[ $width = utf8 ] && echo --enable-widec
[ $abi = 6 -a $width = utf8 ] || echo --without-progs
)
%make_build libs
if [ $abi -eq 6 -a $width = "utf8" ]; then
%make_build -C progs
fi
popd
done
done
----------------------------------------
Since it seems that the result differs depending on build config
options, I worry that this bug might involve memory corruption.
Any idea how to debug this problem? (I'm not familiar with ncurses.)
------------------------------------------------------------
[root@localhost tmp]# gdb /tmp/tomoyo-tools/usr_sbin/tomoyo-editpolicy core.512297
GNU gdb (GDB) 10.1-5.mga8 (Mageia release 8)
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-mageia-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /tmp/tomoyo-tools/usr_sbin/tomoyo-editpolicy...
warning: core file may not match specified executable file.
[New LWP 512297]
Core was generated by `/tmp/tomoyo-tools/usr_sbin/tomoyo-editpolicy'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f78b8dec4ce in waddch_literal (ch=3652, win=<optimized out>) at ../../ncurses/base/lib_addch.c:391
391 line->text[x++] = ch;
(gdb) bt
#0 0x00007f78b8dec4ce in waddch_literal (ch=3652, win=<optimized out>) at ../../ncurses/base/lib_addch.c:391
#1 waddch_nosync (ch=68, win=0x5745e0) at ../../ncurses/base/lib_addch.c:443
#2 _nc_waddch_nosync (win=win@entry=0x5745e0, c=68) at ../../ncurses/base/lib_addch.c:529
#3 0x00007f78b8ded494 in waddnstr (win=0x5745e0, astr=<optimized out>, n=<optimized out>) at ../../ncurses/base/lib_addstr.c:70
#4 0x00007f78b8df6edc in printw (fmt=fmt@entry=0x411838 "Delete selected entr%s? ('Y'es/'N'o)") at ../../ncurses/base/lib_printw.c:60
#5 0x0000000000403091 in delete_entry () at editpolicy.c:2690
#6 generic_list_loop () at editpolicy.c:3402
#7 main (argc=<optimized out>, argv=<optimized out>) at editpolicy.c:3780
(gdb) print line
$1 = (struct ldat *) 0x574650
(gdb) print line->text
$2 = (chtype *) 0xe00574930
(gdb) print x
$3 = 1
(gdb) print ch
$4 = 3652
(gdb) print line->text[x]
Cannot access memory at address 0xe00574934
------------------------------------------------------------
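
Added example, not part of the original message and not ncurses or tomoyo-tools code: a small triage script that reads pointer values out of the gdb transcript above and flags any whose upper 32 bits disagree with the other heap pointers in the same session. The 1 MiB "same region" window and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Lines copied from the gdb session quoted in the message above.
GDB_LINES = """\
#1 waddch_nosync (ch=68, win=0x5745e0) at ../../ncurses/base/lib_addch.c:443
$1 = (struct ldat *) 0x574650
$2 = (chtype *) 0xe00574930
"""

# Matches "name=0x..." frame arguments and "$N = (type *) 0x..." print results.
PTR_RE = re.compile(r"(?:(\w+)=|\$\d+ = \(([^)]*\*)\) )(0x[0-9a-f]+)")
NEAR = 1 << 20  # assumption: "same heap region" means within 1 MiB


def extract_pointers(text):
    """Return (label, value) pairs for every pointer found in the transcript."""
    return [(m.group(1) or m.group(2), int(m.group(3), 16))
            for m in PTR_RE.finditer(text)]


def triage(pointers):
    """Report pointers whose upper 32 bits differ from the majority value."""
    baseline = Counter(v >> 32 for _, v in pointers).most_common(1)[0][0]
    trusted = [v for _, v in pointers if v >> 32 == baseline]
    report = []
    for label, value in pointers:
        if value >> 32 == baseline:
            continue
        # Rebuild the pointer with the majority upper half, then measure how
        # far it lands from the nearest pointer that gdb could dereference.
        restored = (baseline << 32) | (value & 0xFFFFFFFF)
        distance = min(abs(restored - t) for t in trusted)
        report.append({
            "label": label,
            "value": value,
            "upper32": value >> 32,
            "restored": restored,
            "distance": distance,
            "lower_half_in_region": distance < NEAR,
        })
    return report


if __name__ == "__main__":
    for row in triage(extract_pointers(GDB_LINES)):
        print(f"{row['label']}: {row['value']:#x} upper32={row['upper32']:#x} "
              f"restored={row['restored']:#x} (+{row['distance']} bytes from "
              f"nearest good pointer)")
```

For the values in this report, only line->text is flagged: its lower 32 bits land 736 bytes past the struct ldat address while its upper 32 bits hold 0xe. A pattern like this is what a 4-byte write over the upper half of an otherwise valid pointer would leave behind.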