Bug 1643753 - There is a Segmentation fault on unknown address in function _nc_name_match in libncurses6.1
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ncurses
Version: 7.7-Alt
Hardware: All
OS: All
unspecified
urgent
Target Milestone: rc
Assignee: Miroslav Lichvar
QA Contact: qe-baseos-daemons
Reported: 2018-10-28 12:24 UTC by shuitao gan
Modified: 2019-06-20 15:59 UTC (History)

Last Closed: 2019-06-20 15:59:50 UTC


Attachments
Trigger by "./captoinfo POC0" (629 bytes, application/x-rar)
2018-10-28 12:24 UTC, shuitao gan

Description shuitao gan 2018-10-28 12:24:29 UTC
Created attachment 1498272
Trigger by "./captoinfo POC0"

version: ncurses6.1
Summary: 

There is a Segmentation fault on unknown address in libncurses. 

Description:

The asan debug is as follows:

$./captoinfo POC0

=================================================================
==84588==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004d72cf sp 0x7fffba4e11a0 bp 0x7fffba4e34f0 T0)
==84588==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
    #0 0x4d72ce (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4d72ce)
    #1 0x4ef543 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4ef543)
    #2 0x4827a2 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4827a2)
    #3 0x7f41c86c3a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #4 0x47e428 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x47e428)


normal execution as below:

$./captoinfo POC0

Program received signal SIGSEGV, Segmentation fault.
0x0000000000450755 in _nc_name_match ()
(gdb) bt
#0  0x0000000000450755 in _nc_name_match ()
#1  0x00000000004726d1 in _nc_resolve_uses2 ()
#2  0x000000000040662a in main ()

Comment 2 Miroslav Lichvar 2018-10-29 08:57:05 UTC
In RHEL7 there is no ncurses-6.1. Can you please report it on the upstream mailing list?

Comment 3 Huzaifa S. Sidhpurwala 2018-11-27 06:29:41 UTC
(In reply to Miroslav Lichvar from comment #2)
> In RHEL7 there is no ncurses-6.1. Can you please report it on the upstream
> mailing list?

And mention clearly how to reproduce this, instead of sending a termcap file?

Comment 4 Miroslav Lichvar 2018-11-28 15:00:10 UTC
The comment #0 suggests it should be an input of the captoinfo utility. But it doesn't seem to crash for me with the current ncurses-6.1 code (nor the other POC file from the bug #1643754).

It would be good to at least know which ncurses-6.1 version exactly crashed.

I'm CCing the upstream maintainer if he could make any sense of this.

Comment 5 Thomas E. Dickey 2018-11-28 21:45:53 UTC
It doesn't crash with current ncurses, and as noted is not relevant to RHEL7.
In a quick check, it doesn't crash with ncurses 6.1 release, either.

