bin/123977: Segmentation fault in dialog with ghostscript-gpl-nox11 port

Jille jille at quis.cx
Sun May 25 12:40:05 UTC 2008


The following reply was made to PR bin/123977; it has been noted by GNATS.

From: Jille <jille at quis.cx>
To: Kris Kennaway <kris at FreeBSD.org>
Cc: FreeBSD-gnats-submit at FreeBSD.org, Ed <ed at FreeBSD.org>
Subject: Re: bin/123977: Segmentation fault in dialog with ghostscript-gpl-nox11 port
Date: Sun, 25 May 2008 14:11:25 +0200

 Kris Kennaway wrote:
 > Jille wrote:
 > 
 >>> Environment:
 >> System: FreeBSD bob.omicidio.nl 6.2-RELEASE-p9 FreeBSD 6.2-RELEASE-p9 
 >> #0: Sun Jan 13 12:50:30 CET 2008 
 >> quis at bob.omicidio.nl:/usr/obj/usr/src/sys/BOB i386
 >>
 >>         libdialog.so.5 => /usr/lib/libdialog.so.5 (0x2807b000)
 >>         libncurses.so.6 => /lib/libncurses.so.6 (0x28094000)
 >>         libc.so.6 => /lib/libc.so.6 (0x280d3000)
 >>> Description:
 >>     When trying make config in /usr/ports/print/ghostscript-gpl-nox11,
 >>     I get a normal dialog (with a lot of options, might be a/the
 >> problem?)
 >>     When I hit OK, dialog crashes with SIGSEGV (when hitting Cancel it
 >> doesn't crash)
 >>     Output:
 >>     Segmentation fault (core dumped)
 >>     ===> Options unchanged
 >>
 >>     # portsnap fetch extract
 >>     didn't solve the problem
 >>> How-To-Repeat:
 >>     cd /usr/ports/print/ghostscript-gpl-nox11
 >>     make config
 >>     tab, enter (OK)
 >>> Fix:
 >>     Unfortunately I couldn't get a backtrace.
 >>     (Recompiled dialog and libdialog with -g)
 >>     I can give the memory addresses in the backtrace, but they seem
 >> quite useless.
 >>     I'm willing to provide help of course, so tell me what to do :)
 >>
 >>     Note: the recompiled dialog and libdialog were the 6.3 sources!
 >> (I had 6.3 checked out, and compiled, to be able to upgrade with a few
 >> commands)
 >>     However, the crash also occurred with the original 6.2 source.
 > 
 > In order to proceed with this we need either a reliable way to reproduce 
 > this, or a backtrace.
 I just tested and couldn't reproduce it on 6.3-p2 with the same port
 (that system does have X11).
 I can reproduce it on the 6.2 box.
 
 Could you tell me what to do to produce a backtrace?
 The backtrace I could get (without function names, files, line numbers, etc.)
 was huge; I didn't make it to the top (> 500).
 I can try to dump it entirely, if it ever stops.
 
 I can also upload my dialog binary, dialog core, libdialog with debug symbols,
 and libc somewhere?
 
 I have compiled dialog and libdialog with -g; should I also do it with
 libc?
 
 A few minutes after submitting this PR I saw
 http://www.freebsd.org/cgi/query-pr.cgi?pr=gnu/45168
 A buffer overflow in dialog when too many options are selected
 (MAX_LEN (output length) = 2048, and they're using strcpy).
 
 (The category should be changed from bin -> gnu, by the way; I missed gnu in
 the list.)
 
 I'm going to try to get to the top of the backtrace now.
 
 -- Jille
 > 
 > Kris
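The overflow pattern the reply points at in gnu/45168 (a fixed 2048-byte output buffer filled by unchecked strcpy/strcat as selected checklist tags are joined) is reproduced below as an added example. It is not dialog's or FreeBSD's code: the MAX_LEN value is taken from the message above, while the output format (each tag double-quoted, tags separated by one space), the OPT_nnn tag names and the 300-tag sample are constructed assumptions. The unbounded join is kept only for comparison and is only ever given a destination already sized by needed_len(); the bounded join shows the length check the original lacked and reports truncation instead of writing past the buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Output buffer size named in gnu/45168, as quoted in the reply above. */
#define MAX_LEN 2048

/* Constructed sample data: "OPT_000".."OPT_399" stand in for a port's
 * OPTIONS tags. These are not the real ghostscript options. */
#define MAX_TAGS 400
static char g_tagstore[MAX_TAGS][16];
static const char *g_tags[MAX_TAGS];

/* Fills g_tags with n synthetic tags and returns the array. */
const char **sample_tags(size_t n) {
    if (n > MAX_TAGS) n = MAX_TAGS;
    for (size_t i = 0; i < n; i++) {
        snprintf(g_tagstore[i], sizeof g_tagstore[i], "OPT_%03zu", i);
        g_tags[i] = g_tagstore[i];
    }
    return g_tags;
}

/* Bytes (including the terminating NUL) needed to emit n tags in the
 * assumed checklist output form: "TAG" per tag, single space between. */
size_t needed_len(const char **tags, size_t n) {
    size_t len = 1;                               /* the NUL */
    for (size_t i = 0; i < n; i++)
        len += strlen(tags[i]) + 2 + (i > 0 ? 1 : 0);
    return len;
}

/* The pattern from the PR: concatenate every tag into a fixed-size buffer
 * with no length check. Correct while the total fits MAX_LEN; beyond that
 * it writes over whatever follows the buffer. Kept for comparison only;
 * run_demo() never hands it a buffer smaller than needed_len(). */
void join_tags_unbounded(char *out, const char **tags, size_t n) {
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (i > 0) strcat(out, " ");
        strcat(out, "\"");
        strcat(out, tags[i]);
        strcat(out, "\"");
    }
}

/* Hardened form: track remaining space, refuse a tag that does not fit,
 * always leave out NUL-terminated. Returns bytes written (excluding NUL),
 * or -1 if the output had to be truncated. */
int join_tags_bounded(char *out, size_t out_size, const char **tags, size_t n) {
    if (out_size == 0) return -1;
    size_t used = 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        /* two quotes, plus a separating space after the first tag */
        size_t need = strlen(tags[i]) + 2 + (i > 0 ? 1 : 0);
        if (need >= out_size - used)              /* no room for tag + NUL */
            return -1;
        used += (size_t)snprintf(out + used, out_size - used, "%s\"%s\"",
                                 i > 0 ? " " : "", tags[i]);
    }
    return (int)used;
}

struct demo_result {
    size_t needed;        /* bytes the full output needs per needed_len() */
    int    bounded_rc;    /* join_tags_bounded() into a MAX_LEN buffer */
    size_t bounded_len;   /* strlen of what it left in that buffer */
    bool   unbounded_ok;  /* unbounded join, given enough room, agrees */
};

/* Joins n sample tags both ways and reports what happened. */
struct demo_result run_demo(size_t n) {
    struct demo_result r = {0, 0, 0, false};
    const char **tags = sample_tags(n);
    static char fixed[MAX_LEN];
    r.needed = needed_len(tags, n);
    r.bounded_rc = join_tags_bounded(fixed, sizeof fixed, tags, n);
    r.bounded_len = strlen(fixed);
    /* Give the unbounded copy a destination sized by needed_len(): that
     * sizing step is exactly what the original code skipped. */
    char *big = malloc(r.needed);
    if (big) {
        join_tags_unbounded(big, tags, n);
        r.unbounded_ok = strlen(big) + 1 == r.needed &&
                         (r.bounded_rc < 0 || strcmp(big, fixed) == 0);
        free(big);
    }
    return r;
}

int main(void) {
    struct demo_result r = run_demo(300);
    printf("300 tags need %zu bytes, MAX_LEN is %d: bounded join rc=%d, "
           "kept %zu bytes\n", r.needed, MAX_LEN, r.bounded_rc, r.bounded_len);
    return 0;
}
```

With 300 seven-character tags the output needs 3000 bytes, so the unchecked version would run about 950 bytes past a 2048-byte buffer, which is consistent with a crash on OK (when the selection is emitted) but not on Cancel. The bounded version stops after the 204th tag and returns -1, leaving a NUL-terminated 2039-byte prefix; a caller should treat -1 as an error rather than use the partial output.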

