Bug 1033198

Summary: mtr crashes in libncurses
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Marcus Rückert <mrueckert>
Component: Basesystem
Assignee: Dr. Werner Fink <werner>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: aginies, forgotten_bcqd5ipArz, forgotten_CxMpa5voWs, forgotten_MNOC3I1ypq, glin, hguo, kstreitova, lmb, martin.liska, mlin, petr.m, plinnell, sebix+novell.com, simonf.lees
Version: Current
Target Milestone: ---
Hardware: Other
OS: Other

Description Marcus Rückert 2017-04-10 10:00:56 UTC
TW: 20170406

```
rpm -q --qf "%{name}-%{version} %{disturl}\n" mtr libncurses6
mtr-0.87 obs://build.opensuse.org/openSUSE:Factory/standard/62305fb081810e6ff1bc25d6487d47e5-mtr
libncurses6-6.0 obs://build.opensuse.org/openSUSE:Factory/standard/4ae456f80050fd4058fce31020467755-ncurses
```

TERM=screen-256color

```
gdb --args mtr 127.0.0.1

GNU gdb (GDB; openSUSE Tumbleweed) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from mtr...Reading symbols from /usr/lib/debug/usr/sbin/mtr.debug...done.
done.
(gdb) r
Starting program: /usr/sbin/mtr 127.0.0.1

Program received signal SIGSEGV, Segmentation fault.
_nc_init_acs_sp (sp=sp@entry=0x555555aa50d0) at ../ncurses/tinfo/lib_acs.c:95
95      ../ncurses/tinfo/lib_acs.c: No such file or directory.
(gdb) bt
#0  _nc_init_acs_sp (sp=sp@entry=0x555555aa50d0) at ../ncurses/tinfo/lib_acs.c:95
#1  0x00007ffff769e9c0 in _nc_setupscreen_sp (spp=spp@entry=0x7fffffffe0f8, slines=<optimized out>, scolumns=<optimized out>, output=output@entry=0x7ffff72535e0 <_IO_2_1_stdout_>,
    filtered=<optimized out>, slk_format=slk_format@entry=0) at ../ncurses/base/lib_set_term.c:582
#2  0x00007ffff769ab11 in newterm_sp (sp=<optimized out>, name=name@entry=0x7fffffffe812 "screen-256color", ofp=<optimized out>, ifp=<optimized out>) at ../ncurses/base/lib_newterm.c:221
#3  0x00007ffff769b04c in newterm (name=name@entry=0x7fffffffe812 "screen-256color", ofp=<optimized out>, ifp=<optimized out>) at ../ncurses/base/lib_newterm.c:351
#4  0x00007ffff7697206 in initscr () at ../ncurses/base/lib_initscr.c:87
#5  0x0000555555559e0d in mtr_curses_open () at curses.c:700
#6  0x0000555555560b11 in display_open () at display.c:101
#7  0x0000555555557e81 in main (argc=<optimized out>, argv=<optimized out>) at mtr.c:779
(gdb) bt full
#0  _nc_init_acs_sp (sp=sp@entry=0x555555aa50d0) at ../ncurses/tinfo/lib_acs.c:95
        fake_map = 0x555555aa5c70
        real_map = 0x0
        j = 1
#1  0x00007ffff769e9c0 in _nc_setupscreen_sp (spp=spp@entry=0x7fffffffe0f8, slines=<optimized out>, scolumns=<optimized out>, output=output@entry=0x7ffff72535e0 <_IO_2_1_stdout_>,
    filtered=<optimized out>, slk_format=slk_format@entry=0) at ../ncurses/base/lib_set_term.c:582
        env = <optimized out>
        bottom_stolen = 0
        sp = 0x555555aa50d0
#2  0x00007ffff769ab11 in newterm_sp (sp=<optimized out>, name=name@entry=0x7fffffffe812 "screen-256color", ofp=<optimized out>, ifp=<optimized out>) at ../ncurses/base/lib_newterm.c:221
        slk_format = 0
        filter_mode = <optimized out>
        errret = 1
        result = 0x0
        current = 0x0
        its_term = 0x0
        _ofp = 0x7ffff72535e0 <_IO_2_1_stdout_>
        _ifp = 0x7ffff72528a0 <_IO_2_1_stdin_>
        new_term = 0x0
#3  0x00007ffff769b04c in newterm (name=name@entry=0x7fffffffe812 "screen-256color", ofp=<optimized out>, ifp=<optimized out>) at ../ncurses/base/lib_newterm.c:351
No locals.
#4  0x00007ffff7697206 in initscr () at ../ncurses/base/lib_initscr.c:87
        name = 0x7fffffffe812 "screen-256color"
        result = <optimized out>
#5  0x0000555555559e0d in mtr_curses_open () at curses.c:700
        bg_col = <optimized out>
        i = <optimized out>
#6  0x0000555555560b11 in display_open () at display.c:101
No locals.
#7  0x0000555555557e81 in main (argc=<optimized out>, argv=<optimized out>) at mtr.c:779
        host = 0x7fffffffe230
        net_preopen_result = <optimized out>
        hints = {ai_flags = 0, ai_family = 0, ai_socktype = 2, ai_protocol = 0, ai_addrlen = 0, ai_addr = 0x0, ai_canonname = 0x0, ai_next = 0x0}
        res = 0x555555aa5080
        error = <optimized out>
        trhost = {h_name = 0x0, h_aliases = 0x0, h_addrtype = 2, h_length = 16, h_addr_list = 0x7fffffffe280}
        alptr = {0x555555aa50b4 "\177", 0x0}
        sa4 = <optimized out>
        sa6 = <optimized out>
        now = 1491818195
        head = <optimized out>
(gdb)
```
Comment 1 Simon Lees 2017-04-10 10:26:08 UTC
boo#1033057 in ccmake could be related but I haven't got a trace yet to confirm.
Comment 2 Dr. Werner Fink 2017-04-10 10:51:18 UTC
Just send a mail to upstream
Comment 3 Dr. Werner Fink 2017-04-10 10:53:52 UTC
*** Bug 1033057 has been marked as a duplicate of this bug. ***
Comment 4 Simon Lees 2017-04-10 11:00:06 UTC
Here's a trace from ccmake

```
(gdb) bt
#0  _nc_init_acs_sp (sp=sp@entry=0xa8ed30) at ../ncurses/tinfo/lib_acs.c:95
#1  0x00007ffff79b69c0 in _nc_setupscreen_sp (spp=spp@entry=0x7fffffffd5f8, slines=<optimized out>, scolumns=<optimized out>,
    output=output@entry=0x7ffff656d5e0 <_IO_2_1_stdout_>, filtered=<optimized out>, slk_format=slk_format@entry=0) at ../ncurses/base/lib_set_term.c:582
#2  0x00007ffff79b2b11 in newterm_sp (sp=<optimized out>, name=name@entry=0x7fffffffea8f "xterm", ofp=<optimized out>, ifp=<optimized out>)
    at ../ncurses/base/lib_newterm.c:221
#3  0x00007ffff79b304c in newterm (name=name@entry=0x7fffffffea8f "xterm", ofp=<optimized out>, ifp=<optimized out>) at ../ncurses/base/lib_newterm.c:351
#4  0x00007ffff79af206 in initscr () at ../ncurses/base/lib_initscr.c:87
#5  0x00000000004c86f5 in main ()
(gdb) frame 0
#0  _nc_init_acs_sp (sp=sp@entry=0xa8ed30) at ../ncurses/tinfo/lib_acs.c:95
95                  real_map[j] = 0;
(gdb) list
90           * the mapping information in the SCREEN struct so we can decide how to
91           * render it.
92           */
93          if (real_map != fake_map) {
94              for (j = 1; j < ACS_LEN; ++j) {
95                  real_map[j] = 0;
96                  fake_map[j] = A_ALTCHARSET | (chtype) j;
97                  if (SP_PARM)
98                      SP_PARM->_screen_acs_map[j] = FALSE;
99              }
(gdb) frame 1
#1  0x00007ffff79b69c0 in _nc_setupscreen_sp (spp=spp@entry=0x7fffffffd5f8, slines=<optimized out>, scolumns=<optimized out>,
    output=output@entry=0x7ffff656d5e0 <_IO_2_1_stdout_>, filtered=<optimized out>, slk_format=slk_format@entry=0) at ../ncurses/base/lib_set_term.c:582
582         NCURSES_SP_NAME(_nc_init_acs) (NCURSES_SP_ARG);
(gdb) list
577             set_attributes = NULL;
578         }
579     #endif
580     #endif
581
582         NCURSES_SP_NAME(_nc_init_acs) (NCURSES_SP_ARG);
583     #if USE_WIDEC_SUPPORT
584         sp->_screen_unicode = _nc_unicode_locale();
585         if (_nc_wacs == 0) {
586             _nc_init_wacs();
(gdb) frame 2
#2  0x00007ffff79b2b11 in newterm_sp (sp=<optimized out>, name=name@entry=0x7fffffffea8f "xterm", ofp=<optimized out>, ifp=<optimized out>)
    at ../ncurses/base/lib_newterm.c:221
221             if (NCURSES_SP_NAME(_nc_setupscreen) (
(gdb) list
216
217             /*
218              * This actually allocates the screen structure, and saves the original
219              * terminal settings.
220              */
221             if (NCURSES_SP_NAME(_nc_setupscreen) (
222     #if NCURSES_SP_FUNCS
223                                                      &SP_PARM,
224     #endif
225                                                      *(ptrLines(SP_PARM)),
(gdb) frame 3 list
#0  0x0000000000000000 in ?? ()
(gdb)
```
Comment 5 Dr. Werner Fink 2017-04-10 11:16:38 UTC
(In reply to Dr. Werner Fink from comment #2)
> Just send a mail to upstream

https://lists.gnu.org/archive/html/bug-ncurses/2017-04/msg00007.html
Comment 6 Andreas Stieger 2017-04-10 16:00:47 UTC
*** Bug 1032933 has been marked as a duplicate of this bug. ***
Comment 7 Forgotten User MNOC3I1ypq 2017-04-12 20:51:32 UTC
I can reproduce the problem with a very simple program:

```
$ cat <<EOF > cursesbug.c
#include <curses.h>

int
main ()
{
  initscr();
  return  0;
}
EOF

$ gcc -o cursesbug -g -O0 cursesbug.c -lncurses

$ gdb ./cursesbug
GNU gdb (GDB; openSUSE Tumbleweed) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./cursesbug...done.
(gdb) run
Starting program: /home/ole/Projekte/cursesbug

Program received signal SIGSEGV, Segmentation fault.
_nc_init_acs_sp (sp=sp@entry=0x602010) at ../ncurses/tinfo/lib_acs.c:95
95      ../ncurses/tinfo/lib_acs.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  _nc_init_acs_sp (sp=sp@entry=0x602010) at ../ncurses/tinfo/lib_acs.c:95
#1  0x00007ffff7bc79c0 in _nc_setupscreen_sp (spp=spp@entry=0x7fffffffdaf8,
    slines=<optimized out>, scolumns=<optimized out>,
    output=output@entry=0x7ffff7bab5e0 <_IO_2_1_stdout_>, filtered=<optimized out>,
    slk_format=slk_format@entry=0) at ../ncurses/base/lib_set_term.c:582
#2  0x00007ffff7bc3b11 in newterm_sp (sp=<optimized out>,
    name=name@entry=0x7fffffffeac7 "xterm-256color", ofp=<optimized out>,
    ifp=<optimized out>) at ../ncurses/base/lib_newterm.c:221
#3  0x00007ffff7bc404c in newterm (name=name@entry=0x7fffffffeac7 "xterm-256color",
    ofp=<optimized out>, ifp=<optimized out>) at ../ncurses/base/lib_newterm.c:351
#4  0x00007ffff7bc0206 in initscr () at ../ncurses/base/lib_initscr.c:87
#5  0x000000000040056f in main () at cursesbug.c:6
(gdb)
```
Comment 8 Dr. Werner Fink 2017-04-13 13:07:08 UTC
After some debugging it seems that libtinfo is no longer independent of the libncurses(w) in use.  This means that a libncursesw now also seems to require a libtinfow.
Comment 9 Dr. Werner Fink 2017-04-13 13:24:12 UTC
IMHO the last paragraph of this might be changed

    --with-termlib[=XXX]
        When building the ncurses library, organize this as two parts:  the
        curses library (libncurses) and the low-level terminfo library
        (libtinfo).  This is done to accommodate applications that use only
        the latter.  The terminfo library is about half the size of the total.

        If an option value is given, that overrides the name of the terminfo
        library.  For instance, if the wide-character version is built, the
        terminfo library would be named libtinfow.  But the libtinfow interface
        is upward compatible from libtinfo, so it would be possible to overlay
        libtinfo.so with a "wide" version of libtinfow.so by renaming it with
        this option.

... as libtinfow.so is not compatible with libtinfo.so anymore
Comment 10 Dr. Werner Fink 2017-04-13 13:36:35 UTC
Should be fixed with SR#487834
Comment 11 Bernhard Wiedemann 2017-04-13 14:01:07 UTC
This is an autogenerated message for OBS integration:
This bug (1033198) was mentioned in
https://build.opensuse.org/request/show/487834 Factory / ncurses
Comment 12 Kristyna Streitova 2017-04-18 10:52:28 UTC
*** Bug 1033985 has been marked as a duplicate of this bug. ***
Comment 13 Kristyna Streitova 2017-04-23 20:33:41 UTC
*** Bug 1035590 has been marked as a duplicate of this bug. ***
Comment 14 Dr. Werner Fink 2017-04-24 06:40:27 UTC
*** Bug 1034810 has been marked as a duplicate of this bug. ***
Comment 15 Dr. Werner Fink 2017-04-24 06:40:37 UTC
*** Bug 1034899 has been marked as a duplicate of this bug. ***
Comment 16 Gary Ching-Pang Lin 2017-05-04 02:22:54 UTC
I encountered a similar crash with cscope, so I updated ncurses from Base:System. Now cscope works as expected. However, mutt starts to crash :-(

The backtrace of "gdb mutt":

```
Program received signal SIGSEGV, Segmentation fault.
_nc_init_acs_sp (sp=sp@entry=0x55555588aad0) at ../ncurses/tinfo/lib_acs.c:95
95                  real_map[j] = 0;
(gdb) bt
#0  0x00007ffff797ec72 in _nc_init_acs_sp (sp=sp@entry=0x55555588aad0) at ../ncurses/tinfo/lib_acs.c:95
#1  0x00007ffff7bbb775 in _nc_setupscreen_sp (spp=spp@entry=0x7fffffffd478, slines=<optimized out>, scolumns=<optimized out>, output=output@entry=0x7ffff65875e0 <_IO_2_1_stdout_>, filtered=<optimized out>, slk_format=slk_format@entry=0) at ../ncurses/base/lib_set_term.c:587
#2  0x00007ffff7bb6c21 in newterm_sp (sp=<optimized out>, name=name@entry=0x7fffffffeafc "xterm-256color", ofp=<optimized out>, ifp=<optimized out>)
    at ../ncurses/base/lib_newterm.c:222
#3  0x00007ffff7bb715c in newterm (name=name@entry=0x7fffffffeafc "xterm-256color", ofp=<optimized out>, ifp=<optimized out>) at ../ncurses/base/lib_newterm.c:352
#4  0x00007ffff7bb2c86 in initscr () at ../ncurses/base/lib_initscr.c:89
#5  0x000055555556cfdd in start_curses () at main.c:147
#6  0x000055555556cfdd in main (argc=1, argv=0x7fffffffdda8) at main.c:412
(gdb) p real_map[0]
Cannot access memory at address 0x80ffff00
(gdb) p real_map
$1 = (chtype *) 0x80ffff00
(gdb)
```
Comment 17 Dr. Werner Fink 2017-05-04 06:26:04 UTC
(In reply to Gary Ching-Pang Lin from comment #16)
> I encountered the similar crash with cscope, so I updated ncurses from
> Base:System. Now cscope works as expected. However, mutt starts to crash :-(
> 
> The backtrace of "gdb mutt":
> 
> Program received signal SIGSEGV, Segmentation fault.
> _nc_init_acs_sp (sp=sp@entry=0x55555588aad0) at ../ncurses/tinfo/lib_acs.c:95
> 95                  real_map[j] = 0;
> (gdb) bt
> #0  0x00007ffff797ec72 in _nc_init_acs_sp (sp=sp@entry=0x55555588aad0) at
> ../ncurses/tinfo/lib_acs.c:95
> #1  0x00007ffff7bbb775 in _nc_setupscreen_sp (spp=spp@entry=0x7fffffffd478,
> slines=<optimized out>, scolumns=<optimized out>,
> output=output@entry=0x7ffff65875e0 <_IO_2_1_stdout_>, filtered=<optimized
> out>, slk_format=slk_format@entry=0) at ../ncurses/base/lib_set_term.c:587
> #2  0x00007ffff7bb6c21 in newterm_sp (sp=<optimized out>,
> name=name@entry=0x7fffffffeafc "xterm-256color", ofp=<optimized out>,
> ifp=<optimized out>)
>     at ../ncurses/base/lib_newterm.c:222
> #3  0x00007ffff7bb715c in newterm (name=name@entry=0x7fffffffeafc
> "xterm-256color", ofp=<optimized out>, ifp=<optimized out>) at
> ../ncurses/base/lib_newterm.c:352
> #4  0x00007ffff7bb2c86 in initscr () at ../ncurses/base/lib_initscr.c:89
> #5  0x000055555556cfdd in start_curses () at main.c:147
> #6  0x000055555556cfdd in main (argc=1, argv=0x7fffffffdda8) at main.c:412
> (gdb) p real_map[0]
> Cannot access memory at address 0x80ffff00
> (gdb) p real_map
> $1 = (chtype *) 0x80ffff00
> (gdb)

With latest mutt from server:mail built with latest ncurses from Base:System I do not see this crash.  Please note that mutt should use the shared library libtinfow.so.6 as using libncursesw.so.6 requires this now.
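
A check for the mixed linkage described in comments 8 and 17, added here as an example and not part of the original bug report or of ncurses: it reads the NEEDED entries printed by `readelf -d` and flags a binary that pulls in libncursesw together with the narrow libtinfo (or the reverse). The function names and the sample `readelf` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag binaries whose direct dependencies mix the wide and
# narrow ncurses/terminfo libraries (libncursesw + libtinfo, or the reverse).

# Read `readelf -d` output on stdin; print "mismatch", "ok" or "none".
classify_curses_linkage() {
    ncw=0 nc=0 tiw=0 ti=0
    while IFS= read -r line; do
        case $line in
            *"(NEEDED)"*"[libncursesw.so."*) ncw=1 ;;
            *"(NEEDED)"*"[libncurses.so."*)  nc=1 ;;
            *"(NEEDED)"*"[libtinfow.so."*)   tiw=1 ;;
            *"(NEEDED)"*"[libtinfo.so."*)    ti=1 ;;
        esac
    done
    if [ $((ncw + nc + tiw + ti)) -eq 0 ]; then
        echo none                     # no curses/terminfo dependency at all
    elif [ $((ncw & ti)) -eq 1 ] || [ $((nc & tiw)) -eq 1 ]; then
        echo mismatch                 # wide and narrow variants are mixed
    else
        echo ok
    fi
}

# Print each given file whose NEEDED entries are mixed (uses binutils readelf).
scan_binaries() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        verdict=$(readelf -d "$f" 2>/dev/null | classify_curses_linkage)
        if [ "$verdict" = mismatch ]; then echo "$f"; fi
    done
}

# Constructed sample input in `readelf -d` format (not taken from the report).
sample_mixed() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libncursesw.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libtinfo.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}
sample_wide() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libncursesw.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libtinfow.so.6]
EOF
}

echo "mixed sample: $(sample_mixed | classify_curses_linkage)"
echo "wide sample:  $(sample_wide | classify_curses_linkage)"
```

Only direct NEEDED entries are inspected, so a narrow libtinfo pulled in through another library is not reported; `scan_binaries /usr/bin/*` is one way to run it over installed programs.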
Comment 18 Gary Ching-Pang Lin 2017-05-04 06:53:41 UTC
(In reply to Dr. Werner Fink from comment #17)
> With latest mutt from server:mail built with latest ncurses from Base:System
> I do not see this crash.  Please note that mutt should use the shared
> library libtinfow.so.6 as using libncursesw.so.6 requires this now.

Thanks. I saw your submission of mutt and will wait for the fix.
Comment 19 Ismail Dönmez 2017-05-22 12:59:03 UTC
*** Bug 1033163 has been marked as a duplicate of this bug. ***