bin/123977: Segmentation fault in dialog with ghostscript-gpl-nox11 port
Kris Kennaway
kris at FreeBSD.org
Sun May 25 12:50:05 UTC 2008
The following reply was made to PR bin/123977; it has been noted by GNATS.
From: Kris Kennaway <kris at FreeBSD.org>
To: Jille <jille at quis.cx>
Cc: FreeBSD-gnats-submit at FreeBSD.org, Ed <ed at FreeBSD.org>
Subject: Re: bin/123977: Segmentation fault in dialog with ghostscript-gpl-nox11 port
Date: Sun, 25 May 2008 14:43:39 +0200
Jille wrote:
>
>
> Kris Kennaway schreef:
>> Jille wrote:
>>
>>>> Environment:
>>> System: FreeBSD bob.omicidio.nl 6.2-RELEASE-p9 FreeBSD 6.2-RELEASE-p9
>>> #0: Sun Jan 13 12:50:30 CET 2008
>>> quis at bob.omicidio.nl:/usr/obj/usr/src/sys/BOB i386
>>>
>>> libdialog.so.5 => /usr/lib/libdialog.so.5 (0x2807b000)
>>> libncurses.so.6 => /lib/libncurses.so.6 (0x28094000)
>>> libc.so.6 => /lib/libc.so.6 (0x280d3000)
>>>> Description:
>>> When trying make config in /usr/ports/print/ghostscript-gpl-nox11,
>>> I get a normal dialog (with a lot of options, might be a/the
>>> problem ?)
>>> When I hit OK, Dialog crashes with SIGSEGV (when hitting Cancel
>>> it doesn't crash)
>>> Output:
>>> Segmentation fault (core dumped)
>>> ===> Options unchanged
>>>
>>> # portsnap fetch extract
>>> didn't solve the problem
>>>> How-To-Repeat:
>>> cd /usr/ports/print/ghostscript-gpl-nox11
>>> make config
>>> tab, enter (OK)
>>>> Fix:
>>> Unfortunately I couldn't get a backtrace.
>>> (Recompiled dialog and libndialog with -g)
>>> I can give the memory addresses in the backtrace, but they seem
>>> quite useless.
>>> I'm willing to provide help of course, so tell me what to do :)
>>>
>>> Note: the recompiled dialog and libndialog were the 6.3-sources!
>>> (I had 6.3 checked out, and compiled, to be able to upgrade with a
>>> few commands)
>>> However the crash also occurred with the original 6.2-source.
>>
>> In order to proceed with this we need either a reliable way to
>> reproduce this, or a backtrace.
> I just tested and couldn't reproduce it on 6.3-p2 with the same port
> (that system does have X11)
> I can reproduce it on the 6.2 box.
>
> Could you tell me what to do to produce a backtrace ?
The process is documented in the developers handbook.
> The backtrace I could get (without function names, files, linenos etc)
> was huge, I didn't make it to the top (> 500).
> I can try to dump it entirely, might it ever stop.
>
> I can also upload my dialog-binary, dialog-core, libdialog-with-debug,
> and libc somewhere ?
>
> I have compiled dialog and libdialog with -g, should I also do it with
> libc ?
It may be necessary, but if it is crashing in dialog then those parts of
the backtrace should be fine at least. If you are not seeing any
file:line details then something went wrong with your -g binaries, e.g.
they were stripped when they were installed.
> A few minutes after submitting this PR I saw
> http://www.freebsd.org/cgi/query-pr.cgi?pr=gnu/45168
> A buffer overflow in dialog, when having too many options selected
> (MAX_LEN (output length) = 2048, and they're using strcpy)
Yes, the dialog code is quite "low-grade" :)
> (The category should be changed from bin -> gnu btw, missed the gnu in
> the list)
>
> I'm gonna try to get to the top of the backtrace now.
Kris
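The thread above points at an unchecked strcpy into a fixed 2048-byte output buffer (MAX_LEN) as the likely cause of the crash when many options are selected. The following is an added example, not code from the PR, from dialog(1) or from the FreeBSD tree: it shows the bounded alternative, where each selected option name is appended only after checking that it fits, and the caller gets an error instead of a corrupted stack. The option names ("OPTION_A", "OPTION_NAME") are constructed placeholders, not real port options.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Output buffer size mentioned in the PR thread (MAX_LEN = 2048). */
#define MAX_LEN 2048

/*
 * Bounded join of selected option names into a fixed-size output buffer,
 * separated by single spaces. Returns the number of bytes written (not
 * counting the terminating NUL), or -1 if the next name would not fit.
 * The buffer is always NUL-terminated on return, even on failure.
 * Illustrative code only; this is not the dialog(1) implementation.
 */
int join_options(char *out, size_t outsz, const char *const *names, size_t n)
{
    size_t used = 0;

    if (outsz == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(names[i]);
        size_t need = len + (i > 0 ? 1 : 0);   /* separator before all but the first */

        /* Check before copying: leave room for the terminating NUL. */
        if (need > outsz - 1 - used) {
            out[used] = '\0';
            return -1;
        }
        if (i > 0)
            out[used++] = ' ';
        memcpy(out + used, names[i], len);
        used += len;
        out[used] = '\0';
    }
    return (int)used;
}

/* Shared demo buffer so the results can be inspected after each call. */
static char demo_buf[MAX_LEN];

const char *demo_buffer(void)
{
    return demo_buf;
}

/* Constructed sample: three short placeholder names, which easily fit. */
int demo_small(void)
{
    static const char *const names[] = { "OPTION_A", "OPTION_B", "OPTION_C" };
    return join_options(demo_buf, sizeof demo_buf, names, 3);
}

/*
 * Constructed sample: `count` copies of an 11-byte placeholder name.
 * 170 names use 2039 bytes and fit; 171 would need 2051 and are refused.
 */
int demo_many(size_t count)
{
    const char *names[400];

    if (count > 400)
        return -1;
    for (size_t i = 0; i < count; i++)
        names[i] = "OPTION_NAME";
    return join_options(demo_buf, sizeof demo_buf, names, count);
}

int main(void)
{
    printf("small: %d bytes -> \"%s\"\n", demo_small(), demo_buffer());
    printf("170 names: %d bytes\n", demo_many(170));
    printf("171 names: %d (refused, buffer still %zu bytes long)\n",
           demo_many(171), strlen(demo_buffer()));
    return 0;
}
```

The check happens before the copy and accounts for the separator and the NUL, so the worst case is a truncated, still NUL-terminated string plus an error code that the caller can report, rather than the silent stack corruption that an unbounded strcpy into MAX_LEN bytes produces.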