Bug 1066168

Summary: [abrt] dialog: unescape_argv(): dialog killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: Robert Strickler <bugz.to.anomalyst>
Component: dialog
Assignee: Miroslav Lichvar <mlichvar>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 20
CC: dickey, mlichvar
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/73787ed78c9bf67f80437db4b6089461db8ac262
Whiteboard: abrt_hash:44936c701fe98a474ec499b27840e426e542bdb3
Fixed In Version: dialog-1.2-7.20140219.fc21
Doc Type: Bug Fix
Last Closed: 2014-02-20 13:30:04 UTC
Attachments (Description, Flags):
File: backtrace, none
File: cgroup, none
File: core_backtrace, none
File: dso_list, none
File: environ, none
File: exploitable, none
File: limits, none
File: maps, none
File: open_fds, none
File: proc_pid_status, none
File: var_log_messages, none

Description Robert Strickler 2014-02-17 22:11:51 UTC
Description of problem:
Submitted malformed dialog command line. Resolved before ABRT presented notification, so I don't have the submitted arg file.

Version-Release number of selected component:
dialog-1.2-4.20130902.fc20

Additional info:
reporter:       libreport-2.1.12
backtrace_rating: 4
cmdline:        dialog --title 'Only 1 candidate device found' --file /tmp/rpi2 --yesno 15 50 --defaultno
crash_function: unescape_argv
executable:     /usr/bin/dialog
kernel:         3.12.10-300.fc20.x86_64
runlevel:       unknown
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (1 frames)
 #0 unescape_argv at dialog.c:369

Comment 1 Robert Strickler 2014-02-17 22:11:56 UTC
Created attachment 864303
File: backtrace

Comment 2 Robert Strickler 2014-02-17 22:11:57 UTC
Created attachment 864304
File: cgroup

Comment 3 Robert Strickler 2014-02-17 22:11:59 UTC
Created attachment 864305
File: core_backtrace

Comment 4 Robert Strickler 2014-02-17 22:12:01 UTC
Created attachment 864306
File: dso_list

Comment 5 Robert Strickler 2014-02-17 22:12:02 UTC
Created attachment 864307
File: environ

Comment 6 Robert Strickler 2014-02-17 22:12:05 UTC
Created attachment 864308
File: exploitable

Comment 7 Robert Strickler 2014-02-17 22:12:08 UTC
Created attachment 864309
File: limits

Comment 8 Robert Strickler 2014-02-17 22:12:12 UTC
Created attachment 864310
File: maps

Comment 9 Robert Strickler 2014-02-17 22:12:13 UTC
Created attachment 864311
File: open_fds

Comment 10 Robert Strickler 2014-02-17 22:12:14 UTC
Created attachment 864312
File: proc_pid_status

Comment 11 Robert Strickler 2014-02-17 22:12:16 UTC
Created attachment 864313
File: var_log_messages

Comment 12 Miroslav Lichvar 2014-02-18 13:57:06 UTC
I can reproduce it with

dialog --file <(echo aaa) --yesno 15 50

The latest upstream dialog (20140112) seems to crash too. CCing upstream maintainer.

Comment 13 Thomas E. Dickey 2014-02-19 01:09:46 UTC
I see - basically the problem is that the cases I tested all had more than one token (so the adjustment-loop is wrong). Will fix...

Comment 14 Thomas E. Dickey 2014-02-20 01:25:56 UTC
I've uploaded a fixed version.

Comment 15 Miroslav Lichvar 2014-02-20 13:30:04 UTC
Thanks, Thomas.

Comment 16 Thomas E. Dickey 2014-02-20 23:09:54 UTC
No problem (report bugs)
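
Added example (not dialog's source and not the upstream fix, neither of which is shown in this report): a hypothetical splice_file_args() that replaces "--file PATH" in an argument vector with the tokens read from the file. It derives every size from the token count, so a file holding zero, one or many tokens goes through the same code path, which is the case the thread says was not covered by testing. The function names, the 64-token limit and the sample input are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_TOK 64   /* assumed limit for this example; extra tokens are dropped */

/* Split buf in place on whitespace; store at most max token pointers in out. */
static int tokenize(char *buf, char **out, int max)
{
    int n = 0;
    while (n < max) {
        while (isspace((unsigned char)*buf)) buf++;
        if (*buf == '\0') break;
        out[n++] = buf;
        while (*buf && !isspace((unsigned char)*buf)) buf++;
        if (*buf) *buf++ = '\0';
    }
    return n;
}

/* Replace argv[at] ("--file") and argv[at+1] (its path) with the tokens in
 * text. Returns a new NULL-terminated vector and updates *argc. The tokens
 * point into text, which must outlive the result; the caller frees the vector. */
char **splice_file_args(int *argc, char **argv, int at, char *text)
{
    char *tok[MAX_TOK];
    int tail = *argc - (at + 2);            /* arguments after "--file PATH" */
    if (at < 0 || tail < 0) return NULL;    /* "--file" given without a path */
    int n = tokenize(text, tok, MAX_TOK);
    int newc = at + n + tail;
    char **nv = calloc((size_t)newc + 1, sizeof *nv);  /* +1 keeps the NULL */
    if (nv == NULL) return NULL;
    memcpy(nv, argv, (size_t)at * sizeof *nv);
    memcpy(nv + at, tok, (size_t)n * sizeof *nv);
    memcpy(nv + at + n, argv + at + 2, (size_t)tail * sizeof *nv);
    *argc = newc;
    return nv;
}

int main(void)
{
    /* Constructed input modelled on the reproducer: the file holds one token. */
    char *argv[] = { "dialog", "--file", "/dev/fd/63", "--yesno", "15", "50", NULL };
    char text[] = "aaa\n";
    int argc = 6;
    char **nv = splice_file_args(&argc, argv, 1, text);
    for (int i = 0; nv && i < argc; i++) printf("argv[%d] = %s\n", i, nv[i]);
    free(nv);
}
```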