Date:      Sun, 25 May 2008 12:50:05 GMT
From:      Kris Kennaway <kris@FreeBSD.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/123977: Segmentation fault in dialog with ghostscript-gpl-nox11 port
Message-ID:  <200805251250.m4PCo5YK035060@freefall.freebsd.org>

The following reply was made to PR bin/123977; it has been noted by GNATS.

From: Kris Kennaway <kris@FreeBSD.org>
To: Jille <jille@quis.cx>
Cc: FreeBSD-gnats-submit@FreeBSD.org, Ed <ed@FreeBSD.org>
Subject: Re: bin/123977: Segmentation fault in dialog with ghostscript-gpl-nox11
 port
Date: Sun, 25 May 2008 14:43:39 +0200

 Jille wrote:
 > 
 > 
 > Kris Kennaway wrote:
 >> Jille wrote:
 >>
 >>>> Environment:
 >>> System: FreeBSD bob.omicidio.nl 6.2-RELEASE-p9 FreeBSD 6.2-RELEASE-p9 
 >>> #0: Sun Jan 13 12:50:30 CET 2008 
 >>> quis@bob.omicidio.nl:/usr/obj/usr/src/sys/BOB i386
 >>>
 >>>         libdialog.so.5 => /usr/lib/libdialog.so.5 (0x2807b000)
 >>>         libncurses.so.6 => /lib/libncurses.so.6 (0x28094000)
 >>>         libc.so.6 => /lib/libc.so.6 (0x280d3000)
 >>>> Description:
 >>>     When trying make config in /usr/ports/print/ghostscript-gpl-nox11,
 >>>     I get a normal dialog (with a lot of options, might be a/the 
 >>> problem ?)
 >>>     When I hit OK, Dialog crashes with SIGSEGV (when hitting Cancel 
 >>> it doesn't crash)
 >>>     Output:
 >>>     Segmentation fault (core dumped)
 >>>     ===> Options unchanged
 >>>
 >>>     # portsnap fetch extract
 >>>     didn't solve the problem
 >>>> How-To-Repeat:
 >>>     cd /usr/ports/print/ghostscript-gpl-nox11
 >>>     make config
 >>>     tab, enter (OK)
 >>>> Fix:
 >>>     Unfortunately I couldn't get a backtrace.
 >>>     (Recompiled dialog and libndialog with -g)
 >>>     I can give the memory addresses in the backtrace, but they seem 
 >>> quite useless.
 >>>     I'm willing to provide help of course, so tell me what to do :)
 >>>
 >>>     Note: the recompiled dialog and libndialog were the 6.3-sources! 
 >>> (I had 6.3 checked out, and compiled, to be able to upgrade with a 
 >>> few commands)
 >>>     However the crash also occurred with the original 6.2-source.
 >>
 >> In order to proceed with this we need either a reliable way to 
 >> reproduce this, or a backtrace.
 > I just tested and couldn't reproduce it on 6.3-p2 with the same port 
 > (that system does have X11)
 > I can reproduce it on the 6.2 box.
 > 
 > Could you tell me what to do to produce a backtrace ?
 
 The process is documented in the developers handbook.
 
 > The backtrace I could get (without function names, files, linenos etc) 
 > was huge, I didn't make it to the top (> 500).
 > I can try to dump it entirely, might it ever stop.
 > 
 > I can also upload my dialog-binary, dialog-core, libdialog-with-debug, 
 > and libc somewhere ?
 > 
 > I have compiled dialog and libdialog with -g, should I also do it with 
 > libc ?
 
 It may be necessary, but if it is crashing in dialog then those parts of 
 the backtrace should be fine at least.  If you are not seeing any 
 file:line details then something went wrong with your -g binaries, e.g. 
 they were stripped when they were installed.
 
 > A few minutes after submitting this PR I saw
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=gnu/45168
 > A buffer overflow in dialog, when having too many options selected 
 > (MAX_LEN (output length) = 2048, and they're using strcpy)
 
 Yes, the dialog code is quite "low-grade" :)
 
 > (The category should be changed from bin -> gnu btw, missed the gnu in 
 > the list)
 > 
 > I'm gonna try to get to the top of the backtrace now.
 
 Kris
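
Added example, not part of the original message and not dialog's own code: the overflow mentioned in the quoted PR gnu/45168 remark (selected options copied with strcpy into a MAX_LEN = 2048 output buffer), avoided here by a length-checked join in C. `join_selected`, `demo`, the quoting format and the option names are assumptions constructed for illustration; only MAX_LEN and the use of strcpy come from the message.

```c
#include <stdio.h>

#define MAX_LEN 2048 /* output length quoted in the message */

/* Hypothetical helper, not dialog's API: join the selected tags into
 * out[outsz] as "a" "b" ...; return -1 (out emptied) if they do not fit,
 * where an unchecked strcpy/strcat would write past the buffer. */
int join_selected(char *out, size_t outsz, const char *const *tags,
                  const int *selected, size_t n)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (!selected[i])
            continue;
        /* snprintf returns the length it needed, so truncation shows up */
        int need = snprintf(out + used, outsz - used, "%s\"%s\"",
                            used ? " " : "", tags[i]);
        if (need < 0 || (size_t)need >= outsz - used) {
            out[0] = '\0'; /* never hand back a truncated option list */
            return -1;
        }
        used += (size_t)need;
    }
    return 0;
}

/* Constructed input: n options, all selected, each with a 30-char tag. */
int demo(size_t n)
{
    static char tagbuf[128][48];
    static const char *tags[128];
    static int selected[128];
    char out[MAX_LEN];
    if (n > 128) return -1;
    for (size_t i = 0; i < n; i++) {
        snprintf(tagbuf[i], sizeof tagbuf[i], "OPTION_WITH_A_LONG_NAME_%06zu", i);
        tags[i] = tagbuf[i];
        selected[i] = 1;
    }
    return join_selected(out, sizeof out, tags, selected, n);
}

int main(void)
{
    printf("62 selected: %d, 63 selected: %d\n", demo(62), demo(63));
    return 0;
}
```

With these constructed tags, 62 selected options need 2045 bytes plus the terminator and fit; the 63rd would exceed MAX_LEN and is rejected instead of overwriting adjacent memory.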


