2229961 – tmux segmentation fault in tty_set_selection

Bug 2229961 - tmux segmentation fault in tty_set_selection [NEEDINFO]

Summary: tmux segmentation fault in tty_set_selection

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	tmux
Sub Component:
Version:	39
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Sven Lankes
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://github.com/tmux/tmux/issues/3531
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-08-08 10:11 UTC by François Rigault
Modified:	2023-08-16 08:14 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	---
Embargoed:
Dependent Products:
Flags:	rosset.filipe: needinfo? (dcantrell)

Attachments	(Terms of Use)

Description François Rigault 2023-08-08 10:11:29 UTC

tmux crashes with segmentation fault

Reproducible: 

Actual Results:  
Program terminated with signal SIGSEGV, Segmentation fault.

(gdb) bt
#0  0x0000561bc5d38e37 in tty_puts (s=<optimized out>, tty=<optimized out>) at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:570
#1  tty_putcode_ptr2.part.0.constprop.0 (tty=0x561bc5ff8698, b=<optimized out>, a=0x561bc5d4fbad, code=TTYC_MS) at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:544
#2  0x0000561bc5d1a27b in tty_putcode_ptr2 (code=TTYC_MS, a=0x561bc5d4fbad, b=0x561bc63163e0, tty=0x561bc5ff8698)
    at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:2107
#3  tty_set_selection (len=1, buf=0x561bc5fb8370 "\n<\215\247\036V", tty=0x561bc5ff8698) at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:2104
#4  tty_set_selection (tty=0x561bc5ff8698, buf=0x561bc5fb8370 "\n<\215\247\036V", len=1) at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:2089
#5  0x0000561bc5d1a197 in tty_write (cmdfn=0x561bc5d1a280 <tty_cmd_setselection>, ctx=0x7ffd2afde890) at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/tty.c:1630
#6  0x0000561bc5d3da3d in screen_write_setselection (len=1, str=0x561bc5fb8370 "\n<\215\247\036V", ctx=0x7ffd2afde850)
    at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/screen-write.c:2096
#7  window_copy_copy_buffer.isra.0 (prefix=0x0, buf=0x561bc5fb8370, len=1, wme=<optimized out>) at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/window-copy.c:4573
#8  0x0000561bc5d22324 in window_copy_copy_pipe (cmd=0x0, prefix=0x0, s=0x561bc5fd9600, wme=0x561bc61dae70)
    at /usr/src/debug/tmux-3.3a-4.fc39.x86_64/window-copy.c:4617



I think it's linked with https://github.com/tmux/tmux/issues/3531

$ rpm -q ncurses tmux
ncurses-6.4-6.20230520.fc39.x86_64
tmux-3.3a-4.fc39.x86_64

Is it possible to ship a newer version of tmux?

Comment 1 Filipe Rosset 2023-08-08 15:38:30 UTC

Hi Francois, I was reading the upstream tmux issue but I'm still not sure where the problem is, tmux, ncurses or at 

@

Comment 2 Filipe Rosset 2023-08-08 15:41:53 UTC

Hi Francois, I was reading the upstream tmux issue but I'm still not sure where the problem is, tmux, ncurses or at rxvt-unicode

@mlichvar @dcantrell can you please help here?
thanks.

https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/x11/rxvt-unicode/patches/patch-src_command_C?rev=1.6&content-type=text/plain

ref.
https://github.com/tmux/tmux/issues/3470

tmux-3.3a is the latest release, I'd like to upgrade to 3.4 when upstream releases this as a final version.

Comment 3 Miroslav Lichvar 2023-08-10 13:27:32 UTC

The backtrace shows only tmux functions, so I think this would be a tmux bug.

Comment 4 Fedora Release Engineering 2023-08-16 08:14:01 UTC

This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle.
Changing version to 39.

Note You need to log in before you can comment on or make changes to this bug.