Bug 1066168 - [abrt] dialog: unescape_argv(): dialog killed by SIGSEGV
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: dialog
Version: 20
Hardware: x86_64 Unspecified
Priority: unspecified Severity: unspecified
Assigned To: Miroslav Lichvar
QA Contact: Fedora Extras Quality Assurance
https://retrace.fedoraproject.org/faf...
abrt_hash:44936c701fe98a474ec499b2784...
 
Reported: 2014-02-17 17:11 EST by Robert Strickler
Modified: 2014-02-20 18:09 EST (History)
Fixed In Version: dialog-1.2-7.20140219.fc21
Doc Type: Bug Fix
Last Closed: 2014-02-20 08:30:04 EST

Attachments
File: backtrace (57.51 KB, text/plain), 2014-02-17 17:11 EST, Robert Strickler
File: cgroup (172 bytes, text/plain), 2014-02-17 17:11 EST, Robert Strickler
File: core_backtrace (491 bytes, text/plain), 2014-02-17 17:11 EST, Robert Strickler
File: dso_list (769 bytes, text/plain), 2014-02-17 17:12 EST, Robert Strickler
File: environ (3.68 KB, text/plain), 2014-02-17 17:12 EST, Robert Strickler
File: exploitable (82 bytes, text/plain), 2014-02-17 17:12 EST, Robert Strickler
File: limits (1.29 KB, text/plain), 2014-02-17 17:12 EST, Robert Strickler
File: maps (3.62 KB, text/plain), 2014-02-17 17:12 EST, Robert Strickler
File: open_fds (105 bytes, text/plain), 2014-02-17 17:12 EST, Robert Strickler
File: proc_pid_status (927 bytes, text/plain), 2014-02-17 17:12 EST, Robert Strickler
File: var_log_messages (359 bytes, text/plain), 2014-02-17 17:12 EST, Robert Strickler

Description Robert Strickler 2014-02-17 17:11:51 EST
Description of problem:
Submitted malformed dialog command line. Resolved before ABRT presented notification, so I don't have the submitted arg file.

Version-Release number of selected component:
dialog-1.2-4.20130902.fc20

Additional info:
reporter:       libreport-2.1.12
backtrace_rating: 4
cmdline:        dialog --title 'Only 1 candidate device found' --file /tmp/rpi2 --yesno 15 50 --defaultno
crash_function: unescape_argv
executable:     /usr/bin/dialog
kernel:         3.12.10-300.fc20.x86_64
runlevel:       unknown
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (1 frames)
 #0 unescape_argv at dialog.c:369
Comment 1 Robert Strickler 2014-02-17 17:11:56 EST
Created attachment 864303
File: backtrace
Comment 2 Robert Strickler 2014-02-17 17:11:57 EST
Created attachment 864304
File: cgroup
Comment 3 Robert Strickler 2014-02-17 17:11:59 EST
Created attachment 864305
File: core_backtrace
Comment 4 Robert Strickler 2014-02-17 17:12:01 EST
Created attachment 864306
File: dso_list
Comment 5 Robert Strickler 2014-02-17 17:12:02 EST
Created attachment 864307
File: environ
Comment 6 Robert Strickler 2014-02-17 17:12:05 EST
Created attachment 864308
File: exploitable
Comment 7 Robert Strickler 2014-02-17 17:12:08 EST
Created attachment 864309
File: limits
Comment 8 Robert Strickler 2014-02-17 17:12:12 EST
Created attachment 864310
File: maps
Comment 9 Robert Strickler 2014-02-17 17:12:13 EST
Created attachment 864311
File: open_fds
Comment 10 Robert Strickler 2014-02-17 17:12:14 EST
Created attachment 864312
File: proc_pid_status
Comment 11 Robert Strickler 2014-02-17 17:12:16 EST
Created attachment 864313
File: var_log_messages
Comment 12 Miroslav Lichvar 2014-02-18 08:57:06 EST
I can reproduce it with

dialog --file <(echo aaa) --yesno 15 50

The latest upstream dialog (20140112) seems to crash too. CCing upstream maintainer.
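
A regression check built from the reproducer in Comment 12, as an added example that is not part of the original report or of dialog's own sources: it passes a one-token file to `--file` and classifies the exit status, separating death by signal from ordinary exit codes. The helper name `check_single_token_file`, the temporary file, and the Linux signal numbering (SIGSEGV = 11, at most 64 signals) are assumptions.

```shell
#!/bin/sh
# Added example: regression check for the single-token --file crash.
# check_single_token_file is a hypothetical helper, not part of dialog.

# Usage: check_single_token_file CMD [ARG...]
# Prints "crash-SIGSEGV", "crash-signal-N" or "no-crash-exit-N";
# returns 1 when the command died from a signal, 0 otherwise.
check_single_token_file() {
    argfile=$(mktemp) || return 2
    printf 'aaa\n' > "$argfile"        # one token, as in Comment 12

    status=0
    # Only the exit status matters, so detach stdin and discard output.
    "$@" --file "$argfile" --yesno 15 50 </dev/null >/dev/null 2>&1 || status=$?
    rm -f "$argfile"

    # The shell reports death by signal N as 128+N. dialog itself can exit
    # 255 (ESC or error), so only 129..192 is read as a signal
    # (assumption: Linux, at most 64 signals, SIGSEGV = 11).
    if [ "$status" -gt 128 ] && [ "$status" -le 192 ]; then
        sig=$((status - 128))
        if [ "$sig" -eq 11 ]; then
            echo "crash-SIGSEGV"
        else
            echo "crash-signal-$sig"
        fi
        return 1
    fi
    echo "no-crash-exit-$status"
    return 0
}

# Run as: sh check.sh dialog   (from a terminal, so dialog can start up)
if [ "$#" -gt 0 ]; then
    check_single_token_file "$@"
fi
```

A non-zero exit without a signal is not a failure here, because the command line from the report is itself malformed.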
Comment 13 Thomas E. Dickey 2014-02-18 20:09:46 EST
I see - basically the problem is that the cases I tested all
had more than one token (so the adjustment-loop is wrong).
Will fix...
Comment 14 Thomas E. Dickey 2014-02-19 20:25:56 EST
I've uploaded a fixed version.
Comment 15 Miroslav Lichvar 2014-02-20 08:30:04 EST
Thanks, Thomas.
Comment 16 Thomas E. Dickey 2014-02-20 18:09:54 EST
no problem (report bugs)