Bug 1484290
Summary: | There is an illegal address access in dump_entry.c of libncurses.
---|---
Product: | Red Hat Enterprise Linux 7
Component: | ncurses
Version: | 7.5-Alt
Status: | CLOSED DUPLICATE
Severity: | unspecified
Priority: | unspecified
Hardware: | Unspecified
OS: | Unspecified
Reporter: | owl337 <v.owl337>
Assignee: | Miroslav Lichvar <mlichvar>
QA Contact: | qe-baseos-daemons
CC: | akhaitov, dickey, gobaya
Target Milestone: | rc
Type: | Bug
Last Closed: | 2018-07-27 15:24:56 UTC
Bug Blocks: | 1488920

Description
owl337
2017-08-23 08:06:03 UTC
The attachment has been deleted; there are no steps to reproduce the issue.

Created attachment 1317519
"./infotocap POC12"

The given attachment does not produce the problem.
By the way, the trace uses a different filename.

(In reply to Thomas E. Dickey from comment #4)
> The given attachment does not produce the problem.
> By the way, the trace uses a different filename.

Please set it as follows.

    $ gdb infotocap
    ...
    (gdb) set args POC12

I checked the PoC I upstreamed again. It should be correct in the latest version (date: 08.19).

I am still unable to reproduce the problem with this data.

In curses, there are two kinds of invalid string: ABSENT_STRING, (char *)0, and CANCELLED_STRING, (char *)(-1). However, in ncurses 6.0, a string will be passed to strcmp if it is not an ABSENT_STRING. A strcmp call on a CANCELLED_STRING causes a segment fault. In ncurses-6.0-20171007, the macro VALID_STRING checks a string for both ABSENT_STRING and CANCELLED_STRING; only a string that is neither an ABSENT_STRING nor a CANCELLED_STRING will be passed to strcmp.

Here is the old code that causes the segment fault:

    #undef CUR
    #define CUR tterm->
        if (outform == 2) {
            if (tterm-> Strings[395] != (char *)0) {
                if (tterm-> Strings[50] != (char *)0
                    && !strcmp(tterm-> Strings[50], tterm-> Strings[395]))
                    tterm-> Strings[50] = (char *)0;
                if (tterm-> Strings[123] != (char *)0
                    && !strcmp(tterm-> Strings[123], tterm-> Strings[395]))
                    tterm-> Strings[123] = (char *)0;
            }
        }

Here is the recent code that fails to reproduce the segment fault:

    #undef CUR
    #define CUR tterm->
        if (outform == 2) {
            if (((tterm-> Strings[395]) != (char *)(-1) && (tterm-> Strings[395]) != (char *)0)) {
                if (((tterm-> Strings[50]) != (char *)(-1) && (tterm-> Strings[50]) != (char *)0)
                    && !strcmp(tterm-> Strings[50], tterm-> Strings[395]))
                    tterm-> Strings[50] = (char *)0;
                if (((tterm-> Strings[123]) != (char *)(-1) && (tterm-> Strings[123]) != (char *)0)
                    && !strcmp(tterm-> Strings[123], tterm-> Strings[395]))
                    tterm-> Strings[123] = (char *)0;
            }
        }
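
The difference between the two guards in the last comment, as an added stand-alone example that is not ncurses code: the macros follow the values quoted above, while `old_guard`, `clear_if_same`, `count_unsafe` and the sample table are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* Sentinel values as given in the comment above. */
#define ABSENT_STRING    ((char *)0)
#define CANCELLED_STRING ((char *)(-1))
#define VALID_STRING(s)  ((s) != CANCELLED_STRING && (s) != ABSENT_STRING)

/* Guard used by the old code: rejects only ABSENT_STRING. */
static int old_guard(const char *s) { return s != ABSENT_STRING; }

/* Hypothetical helper: clear strs[dup] when it duplicates strs[ref].
 * Both pointers must pass VALID_STRING before strcmp sees them.
 * Returns 1 if the entry was cleared, 0 otherwise. */
static int clear_if_same(char **strs, size_t dup, size_t ref)
{
    if (!VALID_STRING(strs[ref]) || !VALID_STRING(strs[dup]))
        return 0;                 /* never hand a sentinel to strcmp */
    if (strcmp(strs[dup], strs[ref]) != 0)
        return 0;
    strs[dup] = ABSENT_STRING;
    return 1;
}

/* Count entries the old guard would let through to strcmp even though
 * they are not dereferenceable (i.e. CANCELLED_STRING). */
static size_t count_unsafe(char **strs, size_t n)
{
    size_t i, bad = 0;
    for (i = 0; i < n; i++)
        if (old_guard(strs[i]) && !VALID_STRING(strs[i]))
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed table; index 0 plays the role of Strings[395]. */
    char a[] = "\033[H", b[] = "\033[H", c[] = "\033[2J";
    char *strs[] = { a, b, CANCELLED_STRING, ABSENT_STRING, c };
    size_t i, n = sizeof strs / sizeof strs[0];

    printf("entries the old guard would dereference unsafely: %zu\n",
           count_unsafe(strs, n));
    for (i = 1; i < n; i++)
        printf("strs[%zu]: cleared=%d\n", i, clear_if_same(strs, i, 0));
    return 0;
}
```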