RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Created attachment 1498272 [details]
Trigger by "./captoinfo POC0"

version: ncurses6.1
Summary: 

There is a Segmentation fault on unknown address in libncurses. 

Description:

The asan debug is as follows:

$./captoinfo POC0

=================================================================
==84588==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004d72cf sp 0x7fffba4e11a0 bp 0x7fffba4e34f0 T0)
==84588==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
    #0 0x4d72ce (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4d72ce)
    #1 0x4ef543 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4ef543)
    #2 0x4827a2 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4827a2)
    #3 0x7f41c86c3a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #4 0x47e428 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x47e428)


normal execution as below:

$./captoinfo POC0

Program received signal SIGSEGV, Segmentation fault.
0x0000000000450755 in _nc_name_match ()
(gdb) bt
#0  0x0000000000450755 in _nc_name_match ()
#1  0x00000000004726d1 in _nc_resolve_uses2 ()
#2  0x000000000040662a in main ()

In RHEL7 there is no ncurses-6.1. Can you please report it on the upstream mailing list?

(In reply to Miroslav Lichvar from comment #2)
> In RHEL7 there is no ncurses-6.1. Can you please report it on the upstream
> mailing list?

And mention clearly how to reproduce this, instead of sending a termcap file?

The comment #0 suggests it should be an input of the captoinfo utility. But it doesn't seem to crash for me with the current ncurses-6.1 code (nor the other POC file from the bug #1643754).

It would be good to at least know which ncurses-6.1 version exactly crashed.

I'm CCing the upstream maintainer if he could make any sense of this.

It doesn't crash with current ncurses, and as noted is not relevant to RHEL7.
In a quick check, it doesn't crash with ncurses 6.1 release, either.

FYI this was fixed back in 6.0.20170701
https://lists.gnu.org/archive/html/bug-ncurses/2019-04/msg00020.html
https://invisible-island.net/ncurses/NEWS.html#t20170701