Created attachment 1498272
Triggered by "./captoinfo POC0"
There is a Segmentation fault on unknown address in libncurses.
The ASan debug output is as follows:
==84588==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004d72cf sp 0x7fffba4e11a0 bp 0x7fffba4e34f0 T0)
==84588==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
#0 0x4d72ce (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4d72ce)
#1 0x4ef543 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4ef543)
#2 0x4827a2 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4827a2)
#3 0x7f41c86c3a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
#4 0x47e428 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x47e428)
Normal execution is as below:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000450755 in _nc_name_match ()
#0 0x0000000000450755 in _nc_name_match ()
#1 0x00000000004726d1 in _nc_resolve_uses2 ()
#2 0x000000000040662a in main ()
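The two traces above carry enough information to triage the crash before anyone opens a debugger: ASan reports the faulting address as 0x0, the gdb backtrace names the crashing function, and the ASan frames are unsymbolized only because no external symbolizer was configured. The helper below is an added example written for this report; it is not part of ncurses or of the original bug. It parses both traces (embedded here as sample input copied from the report), classifies the fault by address, recovers the call path, and emits the binutils `addr2line` invocations that resolve the module-relative offsets offline. The 0x1000 null-page threshold is an assumption about the target's unmapped low memory.

```python
"""Crash-log triage for the ASan and gdb output pasted in the report."""
import re

# Sample input: the two traces copied from the bug report (constructed test data).
ASAN_LOG = """\
==84588==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004d72cf sp 0x7fffba4e11a0 bp 0x7fffba4e34f0 T0)
==84588==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
    #0 0x4d72ce (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4d72ce)
    #1 0x4ef543 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4ef543)
    #2 0x4827a2 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4827a2)
    #3 0x7f41c86c3a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #4 0x47e428 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x47e428)
"""

GDB_LOG = """\
Program received signal SIGSEGV, Segmentation fault.
0x0000000000450755 in _nc_name_match ()
#0  0x0000000000450755 in _nc_name_match ()
#1  0x00000000004726d1 in _nc_resolve_uses2 ()
#2  0x000000000040662a in main ()
"""

SEGV_RE = re.compile(r"SEGV on unknown address 0x([0-9a-fA-F]+) \(pc 0x([0-9a-fA-F]+)")
ASAN_FRAME_RE = re.compile(r"^\s*#(\d+) 0x([0-9a-fA-F]+) \(([^+)]+)\+0x([0-9a-fA-F]+)\)", re.M)
GDB_FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x([0-9a-fA-F]+) in (\S+) \(\)", re.M)

# Assumption: the first page of the address space is unmapped, so any fault
# below this boundary is a NULL (or NULL-plus-small-field-offset) dereference.
NULL_PAGE = 0x1000


def parse_asan(log):
    """Return fault address, pc, raw frames (idx, addr, module, offset) and whether symbols were resolved."""
    m = SEGV_RE.search(log)
    if not m:
        raise ValueError("no AddressSanitizer SEGV report in input")
    frames = [(int(i), int(a, 16), mod, int(off, 16))
              for i, a, mod, off in ASAN_FRAME_RE.findall(log)]
    return {
        "fault_addr": int(m.group(1), 16),
        "pc": int(m.group(2), 16),
        "frames": frames,
        "symbolized": "external symbolizer is not initialized" not in log,
    }


def parse_gdb(log):
    """Return the function names of the numbered gdb backtrace frames, innermost first."""
    return [name for _, _, name in GDB_FRAME_RE.findall(log)]


def classify_fault(addr):
    """Distinguish a NULL dereference from an access through an arbitrary bad pointer."""
    return "null-pointer dereference" if addr < NULL_PAGE else "wild-pointer access"


def addr2line_commands(frames):
    """Unsymbolized ASan frames carry module-relative offsets; these resolve them against the unstripped binary."""
    return [f"addr2line -f -C -e {mod} 0x{off:x}" for _, _, mod, off in frames]


def triage(asan_log, gdb_log):
    """Combine both traces into a short triage summary."""
    asan = parse_asan(asan_log)
    path = parse_gdb(gdb_log)
    return {
        "fault_class": classify_fault(asan["fault_addr"]),
        "crash_function": path[0] if path else None,
        "call_path": path,
        "needs_symbolizer": not asan["symbolized"],
        "resolve": addr2line_commands(asan["frames"]),
    }


if __name__ == "__main__":
    for key, value in triage(ASAN_LOG, GDB_LOG).items():
        print(f"{key}: {value}")
```

For this report the summary is a NULL dereference in `_nc_name_match`, reached from `_nc_resolve_uses2` via `main`, which matches a `use=` resolution reading an entry name that was never set; that is a crash rather than a memory-corruption write, which is the first thing a maintainer wants to know. The unsymbolized ASan frames are a tooling gap, not a property of the bug: pointing `ASAN_SYMBOLIZER_PATH` at `llvm-symbolizer` (or running the generated `addr2line` commands against the same unstripped `captoinfo_addr` binary) gives the function names directly.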
In RHEL7 there is no ncurses-6.1. Can you please report it on the upstream mailing list?
(In reply to Miroslav Lichvar from comment #2)
> In RHEL7 there is no ncurses-6.1. Can you please report it on the upstream
> mailing list?
And mention clearly how to reproduce this, instead of sending a termcap file?
The comment #0 suggests it should be an input of the captoinfo utility. But it doesn't seem to crash for me with the current ncurses-6.1 code (nor with the other POC file from bug #1643754).
It would be good to at least know which ncurses-6.1 version exactly crashed.
I'm CCing the upstream maintainer if he could make any sense of this.
It doesn't crash with current ncurses, and as noted is not relevant to RHEL7.
In a quick check, it doesn't crash with ncurses 6.1 release, either.
FYI this was fixed back in 6.0.20170701