segfault while resizing with wide characters in the buffer

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

segfault while resizing with wide characters in the buffer

From:	Anthony Sottile
Subject:	segfault while resizing with wide characters in the buffer
Date:	Sat, 19 Feb 2022 12:58:11 -0500

here's all the information I have -- I'm currently developing a text
editor in python using curses

I've checked the latest version of curses I have available which is
from ubuntu jammy:

ii  libncursesw6:amd64         6.3-2                             amd64
       shared libraries for terminal handling (wide character support)

my current reproduction involves opening my text editor and pasting this text:

$ cat ~/workspace/TODO
paste this into babi and then resize a bunch and lol core dump

     🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵
4.3 MB 6.2 MB/s

the character there is `LARGE BLUE CIRCLE`, code point

>>> '\U0001f535'
'🔵'

when I paste that text into the editor and resize the terminal window
I get a segfault

here's the backtrace:

```
Core was generated by `/home/asottile/opt/venv/bin/python
/home/asottile/bin/babi'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50    ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fdaa1997859 in __GI_abort () at abort.c:79
#2  0x00007fdaa1a023ee in __libc_message (action=action@entry=do_abort,
    fmt=fmt@entry=0x7fdaa1b2c285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007fdaa1a0a47c in malloc_printerr (
    str=str@entry=0x7fdaa1b2a43a "corrupted size vs. prev_size")
    at malloc.c:5347
#4  0x00007fdaa1a0aaeb in unlink_chunk (p=p@entry=0x120c9f0,
    av=0x7fdaa1b5db80 <main_arena>) at malloc.c:1454
#5  0x00007fdaa1a0c00b in _int_free (av=0x7fdaa1b5db80 <main_arena>,
    p=0x11fe220, have_lock=<optimized out>) at malloc.c:4342
#6  0x00007fdaa0f0f859 in wresize ()
   from /lib/x86_64-linux-gnu/libncursesw.so.6
#7  0x00007fdaa0f0f08f in resize_term_sp ()
   from /lib/x86_64-linux-gnu/libncursesw.so.6
#8  0x00007fdaa0f0f208 in resizeterm_sp ()
   from /lib/x86_64-linux-gnu/libncursesw.so.6
#9  0x00007fdaa0ec4964 in _nc_update_screensize ()
   from /lib/x86_64-linux-gnu/libtinfo.so.6
#10 0x00007fdaa0ef2cff in ?? () from /lib/x86_64-linux-gnu/libncursesw.so.6
#11 0x00007fdaa0f0bc64 in wget_wch ()
   from /lib/x86_64-linux-gnu/libncursesw.so.6
#12 0x00007fdaa0f3e94c in ?? ()
   from /usr/lib/python3.8/lib-dynload/_curses.cpython-38-x86_64-linux-gnu.so
#13 0x0000000000504fad in ?? ()
#14 0x000000000056b5e0 in _PyEval_EvalFrameDefault ()
#15 0x00000000005f6226 in _PyFunction_Vectorcall ()
#16 0x000000000056b5e0 in _PyEval_EvalFrameDefault ()
#17 0x00000000005f6226 in _PyFunction_Vectorcall ()
#18 0x000000000056b5e0 in _PyEval_EvalFrameDefault ()
#19 0x00000000005f6226 in _PyFunction_Vectorcall ()
#20 0x000000000056b3fe in _PyEval_EvalFrameDefault ()
#21 0x00000000005696da in _PyEval_EvalCodeWithName ()
#22 0x00000000005f6403 in _PyFunction_Vectorcall ()
#23 0x000000000056b3fe in _PyEval_EvalFrameDefault ()
#24 0x00000000006b398c in ?? ()
#25 0x000000000056b3fe in _PyEval_EvalFrameDefault ()
#26 0x00000000005696da in _PyEval_EvalCodeWithName ()
#27 0x000000000068db17 in PyEval_EvalCode ()
#28 0x000000000067eeb1 in ?? ()
--Type <RET> for more, q to quit, c to continue without paging--
#29 0x000000000067ef2f in ?? ()
#30 0x000000000067efd1 in ?? ()
#31 0x000000000067f377 in PyRun_SimpleFileExFlags ()
#32 0x00000000006b7902 in Py_RunMain ()
#33 0x00000000006b7c8d in Py_BytesMain ()
#34 0x00007fdaa19990b3 in __libc_start_main (main=0x4eed30 <main>, argc=2,
    argv=0x7ffc06b50cb8, init=<optimized out>, fini=<optimized out>,
    rtld_fini=<optimized out>, stack_end=0x7ffc06b50ca8)
    at ../csu/libc-start.c:308
#35 0x00000000005fb12e in _start ()
```

here's how to reproduce using docker:

```console
$ docker run --rm -ti ubuntu:jammy bash -exc 'apt-get -qq update &&
DEBIAN_FRONTEND=noninteractive apt-get install -qq -y
--no-install-recommends curl ca-certificates python3-distutils >&
/dev/null && curl --silent -o virtualenv.pyz
https://bootstrap.pypa.io/virtualenv.pyz && mkdir y && cd y && python3
../virtualenv.pyz venv && venv/bin/pip install babi && venv/bin/babi'
```

here's my host information:

```console
$ uname -a
Linux babibox 5.13.0-30-generic #33~20.04.1-Ubuntu SMP Mon Feb 7
14:25:10 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:    20.04
Codename:    focal
```

anthony

[Prev in Thread]

Current Thread

[Next in Thread]

segfault while resizing with wide characters in the buffer, Anthony Sottile <=

Prev by Date: Re: why terminal resize changes size of windows?
Next by Date: ANN: ncurses-6.3-20220219
Previous by thread: ANN: ncurses-6.3-20220212
Next by thread: ANN: ncurses-6.3-20220219
Index(es):
- Date
- Thread