Bug 1066168 - [abrt] dialog: unescape_argv(): dialog killed by SIGSEGV
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: dialog
Version: 20
Hardware: x86_64 Unspecified
Target Milestone: ---
Assignee: Miroslav Lichvar
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:44936c701fe98a474ec499b2784...
Keywords:
Depends On:
Blocks:
Reported: 2014-02-17 22:11 UTC by Robert Strickler
Modified: 2014-02-20 23:09 UTC (History)

Fixed In Version: dialog-1.2-7.20140219.fc21
Doc Type: Bug Fix
Last Closed: 2014-02-20 13:30:04 UTC


Attachments
File: backtrace (57.51 KB, text/plain), 2014-02-17 22:11 UTC, Robert Strickler
File: cgroup (172 bytes, text/plain), 2014-02-17 22:11 UTC, Robert Strickler
File: core_backtrace (491 bytes, text/plain), 2014-02-17 22:11 UTC, Robert Strickler
File: dso_list (769 bytes, text/plain), 2014-02-17 22:12 UTC, Robert Strickler
File: environ (3.68 KB, text/plain), 2014-02-17 22:12 UTC, Robert Strickler
File: exploitable (82 bytes, text/plain), 2014-02-17 22:12 UTC, Robert Strickler
File: limits (1.29 KB, text/plain), 2014-02-17 22:12 UTC, Robert Strickler
File: maps (3.62 KB, text/plain), 2014-02-17 22:12 UTC, Robert Strickler
File: open_fds (105 bytes, text/plain), 2014-02-17 22:12 UTC, Robert Strickler
File: proc_pid_status (927 bytes, text/plain), 2014-02-17 22:12 UTC, Robert Strickler
File: var_log_messages (359 bytes, text/plain), 2014-02-17 22:12 UTC, Robert Strickler

Description Robert Strickler 2014-02-17 22:11:51 UTC
Description of problem:
Submitted malformed dialog command line. Resolved before ABRT presented notification, so I don't have the submitted arg file.

Version-Release number of selected component:
dialog-1.2-4.20130902.fc20

Additional info:
reporter:       libreport-2.1.12
backtrace_rating: 4
cmdline:        dialog --title 'Only 1 candidate device found' --file /tmp/rpi2 --yesno 15 50 --defaultno
crash_function: unescape_argv
executable:     /usr/bin/dialog
kernel:         3.12.10-300.fc20.x86_64
runlevel:       unknown
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (1 frames)
 #0 unescape_argv at dialog.c:369

Comment 1 Robert Strickler 2014-02-17 22:11:56 UTC
Created attachment 864303
File: backtrace

Comment 2 Robert Strickler 2014-02-17 22:11:57 UTC
Created attachment 864304
File: cgroup

Comment 3 Robert Strickler 2014-02-17 22:11:59 UTC
Created attachment 864305
File: core_backtrace

Comment 4 Robert Strickler 2014-02-17 22:12:01 UTC
Created attachment 864306
File: dso_list

Comment 5 Robert Strickler 2014-02-17 22:12:02 UTC
Created attachment 864307
File: environ

Comment 6 Robert Strickler 2014-02-17 22:12:05 UTC
Created attachment 864308
File: exploitable

Comment 7 Robert Strickler 2014-02-17 22:12:08 UTC
Created attachment 864309
File: limits

Comment 8 Robert Strickler 2014-02-17 22:12:12 UTC
Created attachment 864310
File: maps

Comment 9 Robert Strickler 2014-02-17 22:12:13 UTC
Created attachment 864311
File: open_fds

Comment 10 Robert Strickler 2014-02-17 22:12:14 UTC
Created attachment 864312
File: proc_pid_status

Comment 11 Robert Strickler 2014-02-17 22:12:16 UTC
Created attachment 864313
File: var_log_messages

Comment 12 Miroslav Lichvar 2014-02-18 13:57:06 UTC
I can reproduce it with

dialog --file <(echo aaa) --yesno 15 50

The latest upstream dialog (20140112) seems to crash too. CCing upstream maintainer.

Comment 13 Thomas E. Dickey 2014-02-19 01:09:46 UTC
I see - basically the problem is that the cases I tested all
had more than one token (so the adjustment-loop is wrong).
Will fix...

Comment 14 Thomas E. Dickey 2014-02-20 01:25:56 UTC
I've uploaded a fixed version.

Comment 15 Miroslav Lichvar 2014-02-20 13:30:04 UTC
Thanks, Thomas.

Comment 16 Thomas E. Dickey 2014-02-20 23:09:54 UTC
no problem (report bugs)

