segfault on list

Bug #7339 reported by Debian Bug Importer on 2004-08-07
Affects         Status        Importance  Assigned to   Milestone
newt (Debian)   Fix Released  Unknown
newt (Ubuntu)                 High        Colin Watson

Bug Description

Automatically imported from Debian bug report #264080 http://bugs.debian.org/264080

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 6 Aug 2004 20:27:30 -0300
From: Joey Hess <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: segfault on list

Package: whiptail
Version: 0.51.6-10.1
Severity: serious

I'm provisionally marking this bug as RC because it does impact the
Debian install. Argentinian users will see some weird stuff during
base-config's time zone selection because of it.

tzsetup runs whiptail as follows for Argentina:

whiptail --default-item \
"America/Argentina/Buenos_Aires (Buenos Aires (BA; CF))" \
--menu "choose your time zone" \
20 104 8 \
"America/Argentina/Buenos_Aires (Buenos Aires (BA; CF))" "" \
"America/Argentina/Cordoba (most locations (CB; CC; CN; ER; FM; LP; MN; NQ; RN; SA; SE; SF; SL))" "" \
"America/Argentina/Jujuy (Jujuy (JY))" "" \
"America/Argentina/Tucuman (Tucuman (TM))" "" \
"America/Argentina/Catamarca (Catamarca (CT))" "" \
"America/Argentina/La_Rioja (La Rioja (LR))" "" \
"America/Argentina/San_Juan (San Juan (SJ))" "" \
"America/Argentina/Mendoza (Mendoza (MZ))" "" \
"America/Argentina/ComodRivadavia (Chubut (CH))" "" \
"America/Argentina/Rio_Gallegos (Santa Cruz (SC))" "" \
"America/Argentina/Ushuaia (Tierra del Fuego (TF))" "" \
"other" ""

The problem only occurs if the terminal is a certain size. I can
reproduce it in a 24x80 or smaller terminal, but not in a 96x54 one.

Whiptail runs, displays the list reasonably well (given that debconf has
told it to use a dialog that is wider than the screen; which might be a
debconf bug). I select the first item, and it crashes, with a
segmentation fault before it can output the chosen item.

It does seem to be related to debconf giving it the wrong width. If I
fix the width to equal the terminal width, I don't get segfaults. I'll
try to fix debconf, but there's definitely a whiptail bug in here.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages whiptail depends on:
ii libc6 2.3.2.ds1-15 GNU C Library: Shared libraries an
ii libnewt0.51 0.51.6-10.1 Not Erik's Windowing Toolkit - tex
ii libpopt0 1.7-4 lib for parsing cmdline parameters
ii slang1a-utf8 1.4.9dbs-5 The S-Lang programming library wit

-- no debconf information

-- 
see shy jo

Debian Bug Importer (debzilla) wrote :

Message-ID: <Pine.LNX.4.58.0408080155010.21695@bobcat>
Date: Sun, 8 Aug 2004 02:11:27 -0400 (EDT)
From: Jurij Smakov <email address hidden>
To: <email address hidden>
Subject: Re: [whiptail] segfault on list

Greetings,

I have looked into this problem a bit. Running valgrind on whiptail with
the specified options produces the following error:

==21640== Memcheck, a memory error detector for x86-linux.
==21640== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==21640== Using valgrind-2.1.2, a program supervision framework for x86-linux.
==21640== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==21640== For more details, rerun with: -v
==21640==
==21640== Invalid write of size 4
==21640== at 0x1B95E307: SLsmg_write_nwchars (slsmg.c:635)
==21640== by 0x1B95E6A0: SLsmg_write_nchars (slsmg.c:716)
==21640== by 0x1B95DEBC: SLsmg_write_string (slsmg.c:298)
==21640== by 0x1B927A1D: textboxDraw (textbox.c:353)
==21640== Address 0x1BB20C74 is 0 bytes after a block of size 348 alloc'd
==21640== at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==21640== by 0x1B955919: SLmalloc (slmisc.c:78)
==21640== by 0x1B95FD1B: init_smg (slsmg.c:1533)
==21640== by 0x1B95FE9A: SLsmg_init_smg (slsmg.c:1572)
America/Argentina/Buenos_Aires (Buenos Aires (BA; CF))==21640==
[...]

So it seems like at some point an extra wchar (4 bytes) gets written past
the allocated memory region by SLsmg_write_wchar (it comes from the
slang1a-utf8 library), which might be the culprit. I'll try to investigate
further and (hopefully) come up with a solution.

Best regards,

Jurij Smakov <email address hidden>
Key: http://www.wooyd.org/pgpkey/ KeyID: C99E03CC
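
A minimal model of the defect Jurij's valgrind trace points at, as an added example that is not code from slang, newt or this thread: a screen row of 4-byte cells with a guard cell placed just past it, a helper that counts how many cells an unclipped write starting at a given column would land past the row end, and a clipped writer that never writes beyond the terminal width even when the caller's dialog is wider than the screen. The row width of 80, the start column 52, and all function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified model of an SLsmg-style screen row (added example,
 * not slang or newt code): one 32-bit cell per column, matching the 4-byte
 * wchar cells valgrind flagged, plus one guard cell just past the row. */
#define ROW_WIDTH 80            /* an 80-column terminal */
#define SENTINEL  0xDEADBEEFu

typedef struct { uint32_t cell[ROW_WIDTH + 1]; } screen_row;

void row_init(screen_row *r) {
    memset(r->cell, 0, sizeof r->cell);
    r->cell[ROW_WIDTH] = SENTINEL;   /* detects any write past the row */
}

/* Cells an unclipped write of n chars at column col would place past the
 * end of a width-column row; 0 means the write fits. */
size_t cells_past_end(size_t width, size_t col, size_t n) {
    if (col >= width) return n;
    return (col + n > width) ? col + n - width : 0;
}

/* Clipped write: col is never trusted to lie inside the row, because the
 * caller's dialog can be wider than the terminal (104 columns on an
 * 80-column screen in the report). Returns the number of cells written. */
size_t row_write_nchars(screen_row *r, size_t col, const char *s, size_t n) {
    if (col >= ROW_WIDTH) return 0;
    size_t room = ROW_WIDTH - col;
    size_t count = n < room ? n : room;
    for (size_t i = 0; i < count; i++)
        r->cell[col + i] = (uint32_t)(unsigned char)s[i];
    return count;
}

/* Worked case: the 54-char Buenos_Aires label from the report, laid out
 * from column 52 (a constructed column for illustration). Returns the
 * number of cells written, or (size_t)-1 if the guard cell was clobbered. */
static const char label[] =
    "America/Argentina/Buenos_Aires (Buenos Aires (BA; CF))";

size_t demo_written(void) {
    screen_row r;
    row_init(&r);
    size_t w = row_write_nchars(&r, 52, label, strlen(label));
    return r.cell[ROW_WIDTH] == SENTINEL ? w : (size_t)-1;
}
```

With the same label and column, cells_past_end reports the 26 cells an unclipped write would have placed beyond the row, which is exactly the class of out-of-bounds write the "0 bytes after a block" valgrind message describes.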

Debian Bug Importer (debzilla) wrote :

Message-id: <email address hidden>
Date: Mon, 9 Aug 2004 11:40:36 +0100
From: "Alastair McKinstry" <email address hidden>
To: <email address hidden>
Subject: tags

reassign 264080 slang1a-utf8
thanks

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 11 Aug 2004 17:02:14 -0400
From: Alastair McKinstry <email address hidden>
To: <email address hidden>
Subject: Bug#264080: fixed in slang 1.4.9dbs-6

Source: slang
Source-Version: 1.4.9dbs-6

We believe that the bug you reported is fixed in the latest version of
slang, which is due to be installed in the Debian FTP archive:

slang1-dev_1.4.9dbs-6_i386.deb
  to pool/main/s/slang/slang1-dev_1.4.9dbs-6_i386.deb
slang1-pic_1.4.9dbs-6_i386.deb
  to pool/main/s/slang/slang1-pic_1.4.9dbs-6_i386.deb
slang1-utf8-dev_1.4.9dbs-6_i386.deb
  to pool/main/s/slang/slang1-utf8-dev_1.4.9dbs-6_i386.deb
slang1-utf8-pic_1.4.9dbs-6_i386.deb
  to pool/main/s/slang/slang1-utf8-pic_1.4.9dbs-6_i386.deb
slang1_1.4.9dbs-6_i386.deb
  to pool/main/s/slang/slang1_1.4.9dbs-6_i386.deb
slang1a-utf8-udeb_1.4.9dbs-6_i386.udeb
  to pool/main/s/slang/slang1a-utf8-udeb_1.4.9dbs-6_i386.udeb
slang1a-utf8_1.4.9dbs-6_i386.deb
  to pool/main/s/slang/slang1a-utf8_1.4.9dbs-6_i386.deb
slang_1.4.9dbs-6.diff.gz
  to pool/main/s/slang/slang_1.4.9dbs-6.diff.gz
slang_1.4.9dbs-6.dsc
  to pool/main/s/slang/slang_1.4.9dbs-6.dsc

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alastair McKinstry <email address hidden> (supplier of updated slang package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 11 Aug 2004 21:34:01 +0100
Source: slang
Binary: slang1-utf8-dev slang1-dev slang1a-utf8 slang1-utf8-pic slang1 slang1a-utf8-udeb slang1-pic
Architecture: source i386
Version: 1.4.9dbs-6
Distribution: unstable
Urgency: low
Maintainer: Jim Mintha <email address hidden>
Changed-By: Alastair McKinstry <email address hidden>
Description:
 slang1 - The S-Lang programming library - runtime version
 slang1-dev - The S-Lang programming library, development version
 slang1-pic - The S-Lang programming library, shared library subset kit
 slang1-utf8-dev - The S-Lang programming library, development version with utf8 sup
 slang1-utf8-pic - The S-Lang programming library, shared library subset with utf8 s
 slang1a-utf8 - The S-Lang programming library with utf8 support
 slang1a-utf8-udeb - S-Lang library with utf8 support (udeb)
Closes: 264080
Changes:
 slang (1.4.9dbs-6) unstable; urgency=low
 .
   * Fix segfault on lists running over screen boundary: Closes: #264080.
Files:
 deff732243110dc9989fd408d7bb2519 727 devel optional slang_1.4.9dbs-6.dsc
 004b17dcb915cc3680cad5876c7af344 88529 devel optional slang_1.4.9dbs-6.diff.gz
 504f8818f58abee6d3eea3a56e12cc9c 334996 devel optional slang1-dev_1.4.9dbs-6_i386.deb
 5c316a1bc624f53247bad29acffee71f 295664 base standard slang1_1.4.9dbs-6_i386.deb
 eaa472123391316ece7c1ea7a2c2d9bc 270924 libdevel optional slang1-pic_1....

Colin Watson (cjwatson) wrote :

Bug confirmed present in Warty.

Colin Watson (cjwatson) wrote :

slang 1.4.9dbs-6 synced; closing.

Changed in newt:
status: Unknown → Fix Released