Bug 1643753 - There is a Segmentation fault on unknown address in function _nc_name_match in libncurses6.1
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ncurses
Version: 7.7-Alt
Hardware: All
OS: All
Priority: unspecified
Severity: urgent
Target Milestone: rc
Target Release: ---
Assignee: Miroslav Lichvar
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2018-10-28 12:24 UTC by shuitao gan
Modified: 2019-06-20 15:59 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-20 15:59:50 UTC


Attachments:
Trigger by "./captoinfo POC0" (629 bytes, application/x-rar), 2018-10-28 12:24 UTC, shuitao gan

Description shuitao gan 2018-10-28 12:24:29 UTC
Created attachment 1498272
Trigger by "./captoinfo POC0"

version: ncurses6.1
Summary: 

There is a Segmentation fault on unknown address in libncurses. 

Description:

The ASan debug output is as follows:

$./captoinfo POC0

=================================================================
==84588==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004d72cf sp 0x7fffba4e11a0 bp 0x7fffba4e34f0 T0)
==84588==WARNING: Trying to symbolize code, but external symbolizer is not initialized!
    #0 0x4d72ce (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4d72ce)
    #1 0x4ef543 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4ef543)
    #2 0x4827a2 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x4827a2)
    #3 0x7f41c86c3a3f (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
    #4 0x47e428 (/home/company/real_sanitize/poc_check/ncurses/captoinfo_addr+0x47e428)


Normal execution (under gdb) is as below:

$./captoinfo POC0

Program received signal SIGSEGV, Segmentation fault.
0x0000000000450755 in _nc_name_match ()
(gdb) bt
#0  0x0000000000450755 in _nc_name_match ()
#1  0x00000000004726d1 in _nc_resolve_uses2 ()
#2  0x000000000040662a in main ()

Comment 2 Miroslav Lichvar 2018-10-29 08:57:05 UTC
In RHEL7 there is no ncurses-6.1. Can you please report it on the upstream mailing list?

Comment 3 Huzaifa S. Sidhpurwala 2018-11-27 06:29:41 UTC
(In reply to Miroslav Lichvar from comment #2)
> In RHEL7 there is no ncurses-6.1. Can you please report it on the upstream
> mailing list?

And mention clearly how to reproduce this, instead of sending a termcap file?

Comment 4 Miroslav Lichvar 2018-11-28 15:00:10 UTC
The comment #0 suggests it should be an input of the captoinfo utility. But it doesn't seem to crash for me with the current ncurses-6.1 code (nor the other POC file from the bug #1643754).

It would be good to at least know which ncurses-6.1 version exactly crashed.

I'm CCing the upstream maintainer if he could make any sense of this.

Comment 5 Thomas E. Dickey 2018-11-28 21:45:53 UTC
It doesn't crash with current ncurses, and as noted is not relevant to RHEL7.
In a quick check, it doesn't crash with ncurses 6.1 release, either.

