Debian Bug report logs - #616711
segfault at start with libncursesw5 5.8-1


Package: libncursesw5; Maintainer for libncursesw5 is Craig Small <csmall@debian.org>; Source for libncursesw5 is src:ncurses.

Reported by: Stefano Zacchiroli <zack@debian.org>

Date: Sun, 6 Mar 2011 20:39:02 UTC

Severity: serious

Found in version ncurses/5.8-1

Fixed in version ncurses/5.8+20110307-1

Done: Sven Joachim <svenjoac@gmx.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, csmall@debian.org, Nico Golde <nion@debian.org>:
Bug#616711; Package newsbeuter. (Sun, 06 Mar 2011 20:39:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stefano Zacchiroli <zack@debian.org>:
New Bug report received and forwarded. Copy sent to csmall@debian.org, Nico Golde <nion@debian.org>. (Sun, 06 Mar 2011 20:39:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefano Zacchiroli <zack@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: segfault at start with libncursesw5 5.8-1
Date: Sun, 06 Mar 2011 21:38:09 +0100
Package: newsbeuter
Version: 2.4-1
Severity: serious

After upgrading libncursesw5 from 5.7+20100313-5 to 5.8-1, newsbeuter started
segfaulting at startup (no matter if invoked with -r or not). Reverting
libncursesw5 to 5.7+20100313-5, currently in testing, fixes the problem.

I'm not sure if the problem is in newsbeuter (e.g. using the lib in some
unappropriate way which worked up to now) or in libncursesw5 (e.g. unexpected/
undeclared ABI change). I'm Cc:-ing the libncursesw5 maintainer with this bug
report.

Cheers.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages newsbeuter depends on:
ii  libc6                     2.11.2-13      Embedded GNU C Library: Shared lib
ii  libcurl3-gnutls           7.21.4-1       Multi-protocol file transfer libra
ii  libgcc1                   1:4.5.2-5      GCC support library
ii  libncursesw5              5.7+20100313-5 shared libraries for terminal hand
ii  libsqlite3-0              3.7.5-1        SQLite 3 shared library
ii  libstdc++6                4.5.2-5        The GNU Standard C++ Library v3
ii  libxml2                   2.7.8.dfsg-2   GNOME XML library

newsbeuter recommends no packages.

newsbeuter suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#616711; Package newsbeuter. (Sun, 06 Mar 2011 21:06:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. (Sun, 06 Mar 2011 21:06:07 GMT) Full text and rfc822 format available.

Message #10 received at 616711@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: Stefano Zacchiroli <zack@debian.org>, 616711@bugs.debian.org
Subject: Re: Bug#616711: segfault at start with libncursesw5 5.8-1
Date: Sun, 6 Mar 2011 22:04:03 +0100
[Message part 1 (text/plain, inline)]
Hi,
* Stefano Zacchiroli <zack@debian.org> [2011-03-06 21:46]:
> After upgrading libncursesw5 from 5.7+20100313-5 to 5.8-1, newsbeuter started
> segfaulting at startup (no matter if invoked with -r or not). Reverting
> libncursesw5 to 5.7+20100313-5, currently in testing, fixes the problem.
> 
> I'm not sure if the problem is in newsbeuter (e.g. using the lib in some
> unappropriate way which worked up to now) or in libncursesw5 (e.g. unexpected/
> undeclared ABI change). I'm Cc:-ing the libncursesw5 maintainer with this bug
> report.

Thanks for the report! We will look into this problem. Upstream received a 
similar bug report today. Just by a quick glance I'm unsure if this is an 
ncurses problem or not.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Nico Golde <nion@debian.org>:
Bug#616711; Package newsbeuter. (Mon, 07 Mar 2011 00:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to fcestrada@fcestrada.com:
Extra info received and forwarded to list. Copy sent to Nico Golde <nion@debian.org>. (Mon, 07 Mar 2011 00:42:04 GMT) Full text and rfc822 format available.

Message #15 received at 616711@bugs.debian.org (full text, mbox):

From: fcestrada@fcestrada.com
To: 616711@bugs.debian.org
Subject: newsbeuter "Segmentation fault"
Date: Sun, 6 Mar 2011 16:37:58 -0800
[Message part 1 (text/plain, inline)]
Package: newsbeuter
Version: 2.4-1

*** Please type your report below this line ***

Hi,

I'm affected by this bug too; the attached file contains the output after
starting "newsbeuter -r". At the end all is clear and it just says
"Segmentation fault" (this is caused by strange characters), so to see
it I redirected the standard error to a file.

Thanks a lot for your hard work keeping this great program in good shape
;-)

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages newsbeuter depends on:
ii  libc6                       2.11.2-13    Embedded GNU C Library: Shared lib
ii  libcurl3-gnutls             7.21.4-1     Multi-protocol file transfer libra
ii  libgcc1                     1:4.5.2-5    GCC support library
ii  libncursesw5                5.8-1        shared libraries for terminal hand
ii  libsqlite3-0                3.7.5-1      SQLite 3 shared library
ii  libstdc++6                  4.5.2-5      The GNU Standard C++ Library v3
ii  libxml2                     2.7.8.dfsg-2 GNOME XML library

newsbeuter recommends no packages.

newsbeuter suggests no packages.

-- no debconf information

Best Regards,

Fernando C. Estrada
[newsbeuter.log (text/x-log, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Nico Golde <nion@debian.org>:
Bug#616711; Package newsbeuter. (Mon, 07 Mar 2011 04:33:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Craig Small <csmall@debian.org>:
Extra info received and forwarded to list. Copy sent to Nico Golde <nion@debian.org>. (Mon, 07 Mar 2011 04:33:06 GMT) Full text and rfc822 format available.

Message #20 received at 616711@bugs.debian.org (full text, mbox):

From: Craig Small <csmall@debian.org>
To: Stefano Zacchiroli <zack@debian.org>, 616711@bugs.debian.org
Subject: Re: Bug#616711: segfault at start with libncursesw5 5.8-1
Date: Mon, 7 Mar 2011 15:18:51 +1100
On Sun, Mar 06, 2011 at 09:38:09PM +0100, Stefano Zacchiroli wrote:
> I'm not sure if the problem is in newsbeuter (e.g. using the lib in some
> unappropriate way which worked up to now) or in libncursesw5 (e.g. unexpected/
> undeclared ABI change). I'm Cc:-ing the libncursesw5 maintainer with this bug
> report.
newsbeuter is calling stfl_ipool_fromwc() which is part of the stfl
package.  It's dying between stfl and ncurses.

stfl is a statically linked library, recompiling stfl and linking
newsbeuter to that library makes a working binary. You can never be 100%
sure, but I don't think the problem lies with newsbeuter.

 - Craig
-- 
Craig Small VK2XLZ    http://www.enc.com.au/       csmall at : enc.com.au
Debian GNU/Linux      http://www.debian.org/       csmall at : debian.org
GPG fingerprint:       1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#616711; Package newsbeuter. (Mon, 07 Mar 2011 16:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. (Mon, 07 Mar 2011 16:39:06 GMT) Full text and rfc822 format available.

Message #25 received at 616711@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: Craig Small <csmall@debian.org>, Stefano Zacchiroli <zack@debian.org>, 616711@bugs.debian.org
Cc: ak@synflood.at
Subject: Re: Bug#616711: segfault at start with libncursesw5 5.8-1
Date: Mon, 7 Mar 2011 17:35:44 +0100
[Message part 1 (text/plain, inline)]
Hi,
* Craig Small <csmall@debian.org> [2011-03-07 10:49]:
> On Sun, Mar 06, 2011 at 09:38:09PM +0100, Stefano Zacchiroli wrote:
> > I'm not sure if the problem is in newsbeuter (e.g. using the lib in some
> > unappropriate way which worked up to now) or in libncursesw5 (e.g. unexpected/
> > undeclared ABI change). I'm Cc:-ing the libncursesw5 maintainer with this bug
> > report.
> newsbeuter is calling stfl_ipool_fromwc() which is part of the stfl
> package.  It's dying between stfl and ncurses.
> 
> stfl is a statically linked library

What do you mean?
file libstfl.so.0.21
libstfl.so.0.21: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped

> , recompiling stfl and linking
> newsbeuter to that library makes a working binary. You can never be 100%
> sure, but I don't think the problem lies with newsbeuter.

I also can't reproduce this problem with a recompiled version of ncurses.
So unfortunately a version of stfl with debug symbols doesn't help.

Looking at a version of newsbeuter with debug symbols I see this is dying as 
follows:
#0  0x00007f66190ad5ce in stfl_style () from /usr/lib/libstfl.so.0
=> 0x00007f66190ad5ce <stfl_style+1318>:     4c 89 6f 10    mov    QWORD PTR [rdi+0x10],r13

By looking at the stfl source code as well as the object dump of the stfl library
the problematic code is:

|                stfl_colorpair_fg[i] = fg_color;
|                stfl_colorpair_bg[i] = bg_color;
|                stfl_colorpair_counter++;
|        }
|
|        wattrset(win, attr);
|        wcolor_set(win, i, NULL);

This corresponds to the following assembler:
65a8:       8b 4d bc                mov    ecx,DWORD PTR [rbp-0x44]
65ab:       44 89 34 82             mov    DWORD PTR [rdx+rax*4],r14d
65af:       48 8d 15 2a 62 20 00    lea    rdx,[rip+0x20622a]        # 20c7e0 <curses_active+0xc>
65b6:       89 0c 82                mov    DWORD PTR [rdx+rax*4],ecx
65b9:       48 8b 05 00 5b 20 00    mov    rax,QWORD PTR [rip+0x205b00]        # 20c0c0 <_fini+0x202318>
65c0:       ff 00                   inc    DWORD PTR [rax]
65c2:       48 8b 7d b0             mov    rdi,QWORD PTR [rbp-0x50]
65c6:       4d 63 ed                movsxd r13,r13d
65c9:       0f bf f3                movsx  esi,bx
65cc:       31 d2                   xor    edx,edx
65ce:       4c 89 6f 10             mov    QWORD PTR [rdi+0x10],r13
65d2:       e8 b9 cf ff ff          call   3590 <wcolor_set@plt>

65c2-65ce should be code produced by the wattrset macro. gdb tells me:
(gdb) print $rdi
$1 = 0

so mov    QWORD PTR [rdi+0x10],r13 results in an invalid write.

wattrset is defined as:
#define wattrset(win,at)        ((win) \
    ? ((win)->_attrs = NCURSES_CAST(attr_t, at), \
    OK) \
    : ERR)

So QWORD PTR [rdi+0x10] should correspond to win->_attrs meaning that in this case
win would be null.

How can this be? It is definitely no newsbeuter bug and I'm not sure if it
is an stfl bug to be honest.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Nico Golde <nion@debian.org>:
Bug#616711; Package newsbeuter. (Mon, 07 Mar 2011 16:51:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Nico Golde <nion@debian.org>. (Mon, 07 Mar 2011 16:51:02 GMT) Full text and rfc822 format available.

Message #30 received at 616711@bugs.debian.org (full text, mbox):

From: Sven Joachim <svenjoac@gmx.de>
To: Nico Golde <nion@debian.org>
Cc: 616711@bugs.debian.org, Craig Small <csmall@debian.org>, Stefano Zacchiroli <zack@debian.org>, ak@synflood.at
Subject: Re: Bug#616711: segfault at start with libncursesw5 5.8-1
Date: Mon, 07 Mar 2011 17:49:41 +0100
On 2011-03-07 17:35 +0100, Nico Golde wrote:

> * Craig Small <csmall@debian.org> [2011-03-07 10:49]:
>> On Sun, Mar 06, 2011 at 09:38:09PM +0100, Stefano Zacchiroli wrote:
>> > I'm not sure if the problem is in newsbeuter (e.g. using the lib in some
>> > unappropriate way which worked up to now) or in libncursesw5 (e.g. unexpected/
>> > undeclared ABI change). I'm Cc:-ing the libncursesw5 maintainer with this bug
>> > report.
>> newsbeuter is calling stfl_ipool_fromwc() which is part of the stfl
>> package.  It's dying between stfl and ncurses.
>> 
>> stfl is a statically linked library
>
> What do you mean?
> file libstfl.so.0.21
> libstfl.so.0.21: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped

I think Craig means that newsbeuter is statically linked against libstfl.

>> , recompiling stfl and linking
>> newsbeuter to that library makes a working binary. You can never be 100%
>> sure, but I don't think the problem lies with newsbeuter.

It seems to be bug #617210 in ncurses.  At least, changing the offending
code in ncurses' newwin() function back to what it was before 5.8 fixes
the newsbeuter segfault for me (stfl is calling newwin(0, 0, 0, 0) in
stfl_form_run()).

I'll reassign this bug to libncursesw5.

Cheers,
       Sven




Bug reassigned from package 'newsbeuter' to 'libncursesw5'. Request was from Sven Joachim <svenjoac@gmx.de> to control@bugs.debian.org. (Mon, 07 Mar 2011 16:57:08 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions newsbeuter/2.4-1. Request was from Sven Joachim <svenjoac@gmx.de> to control@bugs.debian.org. (Mon, 07 Mar 2011 16:57:08 GMT) Full text and rfc822 format available.

Bug Marked as found in versions ncurses/5.8-1. Request was from Sven Joachim <svenjoac@gmx.de> to control@bugs.debian.org. (Mon, 07 Mar 2011 16:57:09 GMT) Full text and rfc822 format available.

Added indication that 616711 affects newsbeuter Request was from Sven Joachim <svenjoac@gmx.de> to control@bugs.debian.org. (Mon, 07 Mar 2011 16:57:10 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#616711; Package libncursesw5. (Mon, 07 Mar 2011 17:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Mon, 07 Mar 2011 17:24:03 GMT) Full text and rfc822 format available.

Message #43 received at 616711@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: Sven Joachim <svenjoac@gmx.de>, 616711@bugs.debian.org
Cc: Craig Small <csmall@debian.org>, Stefano Zacchiroli <zack@debian.org>, ak@synflood.at
Subject: Re: Bug#616711: segfault at start with libncursesw5 5.8-1
Date: Mon, 7 Mar 2011 18:21:07 +0100
[Message part 1 (text/plain, inline)]
Hi,
* Sven Joachim <svenjoac@gmx.de> [2011-03-07 17:53]:
> On 2011-03-07 17:35 +0100, Nico Golde wrote:
> 
> > * Craig Small <csmall@debian.org> [2011-03-07 10:49]:
> >> On Sun, Mar 06, 2011 at 09:38:09PM +0100, Stefano Zacchiroli wrote:
> >> > I'm not sure if the problem is in newsbeuter (e.g. using the lib in some
> >> > unappropriate way which worked up to now) or in libncursesw5 (e.g. unexpected/
> >> > undeclared ABI change). I'm Cc:-ing the libncursesw5 maintainer with this bug
> >> > report.
> >> newsbeuter is calling stfl_ipool_fromwc() which is part of the stfl
> >> package.  It's dying between stfl and ncurses.
> >> 
> >> stfl is a statically linked library
> >
> > What do you mean?
> > file libstfl.so.0.21
> > libstfl.so.0.21: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped
> 
> I think Craig means that newsbeuter is statically linked against libstfl.

Oh I thought I changed this ages ago, looks like I didn't hence my confusion :)

> >> , recompiling stfl and linking
> >> newsbeuter to that library makes a working binary. You can never be 100%
> >> sure, but I don't think the problem lies with newsbeuter.
> 
> It seems to be bug #617210 in ncurses.  At least, changing the offending
> code in ncurses' newwin() function back to what it was before 5.8 fixes
> the newsbeuter segfault for me (stfl is calling newwin(0, 0, 0, 0) in
> stfl_form_run()).

I can confirm what you thought. I already mentioned the window is zero thus 
resulting in a null ptr dereference/invalid read. The reason is:
The created window is passed via f->root->type->f_draw(f->root, f, dummywin);
in stfl_form_run(). The complete backtrace looks like:
#0  0x00007f66190ad5ce in stfl_style () from /usr/lib/libstfl.so.0
#1  0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0
#2  0x00007f66190abe67 in stfl_form_run () from /usr/lib/libstfl.so.0
#3  0x00007f66190ab04e in stfl_run () from /usr/lib/libstfl.so.0

from newsbeuter the path is f->run(-3); => stfl_run() => which hits the
newwin() code in stfl.
#1  0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0 is code in 
stfl_widget_style() and this function is called in the various drawing 
functions of stfl that are set to the f_draw function pointer.

> I'll reassign this bug to libncursesw5.

Thanks! I guess the return value check is still something that should be added 
in stfl?

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#616711; Package libncursesw5. (Mon, 07 Mar 2011 17:45:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Mon, 07 Mar 2011 17:45:14 GMT) Full text and rfc822 format available.

Message #48 received at 616711@bugs.debian.org (full text, mbox):

From: Sven Joachim <svenjoac@gmx.de>
To: Nico Golde <nion@debian.org>
Cc: 616711@bugs.debian.org, Craig Small <csmall@debian.org>, Stefano Zacchiroli <zack@debian.org>, ak@synflood.at
Subject: Re: Bug#616711: segfault at start with libncursesw5 5.8-1
Date: Mon, 07 Mar 2011 18:38:25 +0100
On 2011-03-07 18:21 +0100, Nico Golde wrote:

> * Sven Joachim <svenjoac@gmx.de> [2011-03-07 17:53]:
>> 
>> It seems to be bug #617210 in ncurses.  At least, changing the offending
>> code in ncurses' newwin() function back to what it was before 5.8 fixes
>> the newsbeuter segfault for me (stfl is calling newwin(0, 0, 0, 0) in
>> stfl_form_run()).
>
> I can confirm what you thought. I already mentioned the window is zero thus 
> resulting in a null ptr dereference/invalid read. The reason is:
> The created window is passed via f->root->type->f_draw(f->root, f, dummywin);
> in stfl_form_run(). The complete backtrace looks like:
> #0  0x00007f66190ad5ce in stfl_style () from /usr/lib/libstfl.so.0
> #1  0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0
> #2  0x00007f66190abe67 in stfl_form_run () from /usr/lib/libstfl.so.0
> #3  0x00007f66190ab04e in stfl_run () from /usr/lib/libstfl.so.0
>
> from newsbeuter the path is f->run(-3); => stfl_run() => which hits the
> newwin() code in stfl.
> #1  0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0 is code in 
> stfl_widget_style() and this function is called in the various drawing 
> functions of stfl that are set to the f_draw function pointer.
>
>> I'll reassign this bug to libncursesw5.
>
> Thanks! I guess the return value check is still something that should be added 
> in stfl?

Probably yes, if only because the faulty newwin() code is in a released
version of ncurses, and other distributions might pick it up sooner or
later.

Cheers,
       Sven
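
The return-value check discussed in the messages above, as an added example that is not code from stfl, ncurses or any participant in this thread. model_win, model_newwin(), draw_with_style() and form_run_checked() are hypothetical stand-ins: the struct only mirrors the field offset seen in the disassembly, and the allocator fails on request instead of reproducing the newwin() bug.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define OK   0
#define ERR  (-1)

/* Constructed stand-in for the curses WINDOW (not the real struct):
 * seven shorts followed by a 64-bit attribute word, which places attrs
 * at offset 0x10, matching the [rdi+0x10] store in the disassembly. */
typedef struct model_win {
    short cury, curx, maxy, maxx, begy, begx, flags;
    uint64_t attrs;
} model_win;

/* Same shape as the wattrset() macro quoted in the thread: a NULL window
 * yields ERR instead of a store through the pointer. */
#define model_wattrset(win, at) \
    ((win) ? ((win)->attrs = (uint64_t)(at), OK) : ERR)

/* Address an unguarded "win->attrs = ..." store touches for a given base.
 * With base 0 this is the small near-NULL address a crash report shows. */
static uintptr_t attrs_store_address(uintptr_t win_base)
{
    return win_base + offsetof(model_win, attrs);
}

/* Hypothetical allocator standing in for newwin(); `fail` forces the NULL
 * return that the thread observed for newwin(0, 0, 0, 0). */
static model_win *model_newwin(int fail)
{
    return fail ? NULL : calloc(1, sizeof(model_win));
}

/* Draw callback in the style of the f_draw function pointer. */
typedef int (*draw_fn)(model_win *win, uint64_t attr);

static int draw_calls; /* how many times a draw callback actually ran */

static int draw_with_style(model_win *win, uint64_t attr)
{
    draw_calls++;
    return model_wattrset(win, attr);
}

/* Caller-side check: the window is validated once, where it is created,
 * so no draw callback ever receives a NULL window. */
static int form_run_checked(draw_fn draw, int fail, uint64_t attr,
                            uint64_t *attrs_out)
{
    model_win *dummywin = model_newwin(fail);
    if (dummywin == NULL)
        return ERR; /* report the failure instead of drawing */

    int rc = draw(dummywin, attr);
    if (attrs_out != NULL)
        *attrs_out = dummywin->attrs;
    free(dummywin);
    return rc;
}

int main(void)
{
    uint64_t seen = 0;

    printf("unguarded store with win == NULL would hit 0x%lx\n",
           (unsigned long)attrs_store_address(0));

    int rc_fail = form_run_checked(draw_with_style, 1, 0x2a, &seen);
    printf("window creation failed: rc=%d, draw calls=%d\n",
           rc_fail, draw_calls);

    int rc_ok = form_run_checked(draw_with_style, 0, 0x2a, &seen);
    printf("window created: rc=%d, draw calls=%d, attrs=0x%lx\n",
           rc_ok, draw_calls, (unsigned long)seen);
    return 0;
}
```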




Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#616711; Package libncursesw5. (Mon, 07 Mar 2011 20:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Mon, 07 Mar 2011 20:21:03 GMT) Full text and rfc822 format available.

Message #53 received at 616711@bugs.debian.org (full text, mbox):

From: dickey@his.com
To: Sven Joachim <svenjoac@gmx.de>, 616711@bugs.debian.org
Subject: Re: Bug#616711: segfault at start with libncursesw5 5.8-1
Date: Mon, 07 Mar 2011 15:11:19 -0500
Quoting Sven Joachim <svenjoac@gmx.de>:

> On 2011-03-07 18:21 +0100, Nico Golde wrote:
>
>> * Sven Joachim <svenjoac@gmx.de> [2011-03-07 17:53]:
>>>
>>> It seems to be bug #617210 in ncurses.  At least, changing the offending
>>> code in ncurses' newwin() function back to what it was before 5.8 fixes
>>> the newsbeuter segfault for me (stfl is calling newwin(0, 0, 0, 0) in
>>> stfl_form_run()).
>>
>> I can confirm what you thought. I already mentioned the window is zero thus
>> resulting in a null ptr dereference/invalid read. The reason is:
>> The created window is passed via f->root->type->f_draw(f->root, f, dummywin);
>> in stfl_form_run(). The complete backtrace looks like:
>> #0  0x00007f66190ad5ce in stfl_style () from /usr/lib/libstfl.so.0
>> #1  0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0
>> #2  0x00007f66190abe67 in stfl_form_run () from /usr/lib/libstfl.so.0
>> #3  0x00007f66190ab04e in stfl_run () from /usr/lib/libstfl.so.0
>>
>> from newsbeuter the path is f->run(-3); => stfl_run() => which hits the
>> newwin() code in stfl.
>> #1  0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0 is code in
>> stfl_widget_style() and this function is called in the various drawing
>> functions of stfl that are set to the f_draw function pointer.
>>
>>> I'll reassign this bug to libncursesw5.
>>
>> Thanks! I guess the return value check is still something that should be added
>> in stfl?
>
> Probably yes, if only because the faulty newwin() code is in a released
> version of ncurses, and other distributions might pick it up sooner or
> later.

yes - that's not a good bug (far worse than the usual post-release bug  
reports).
Do you suppose it would be advisable to make a 5.9 release in a few weeks?






Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#616711; Package libncursesw5. (Mon, 07 Mar 2011 20:51:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Mon, 07 Mar 2011 20:51:12 GMT) Full text and rfc822 format available.

Message #58 received at 616711@bugs.debian.org (full text, mbox):

From: Sven Joachim <svenjoac@gmx.de>
To: dickey@his.com
Cc: 616711@bugs.debian.org
Subject: Re: Bug#616711: segfault at start with libncursesw5 5.8-1
Date: Mon, 07 Mar 2011 21:50:17 +0100
On 2011-03-07 21:11 +0100, dickey@his.com wrote:

> Quoting Sven Joachim <svenjoac@gmx.de>:
>>
>> Probably yes, if only because the faulty newwin() code is in a released
>> version of ncurses, and other distributions might pick it up sooner or
>> later.
>
> yes - that's not a good bug (far worse than the usual post-release bug
> reports).
> Do you suppose it would be advisable to make a 5.9 release in a few weeks?

Seems like a good idea to me.

Cheers,
       Sven




Added tag(s) pending. Request was from Sven Joachim <svenjoac@gmx.de> to control@bugs.debian.org. (Tue, 08 Mar 2011 20:12:08 GMT) Full text and rfc822 format available.

Message sent on to Stefano Zacchiroli <zack@debian.org>:
Bug#616711. (Tue, 08 Mar 2011 20:12:10 GMT) Full text and rfc822 format available.

Message #63 received at 616711-submitter@bugs.debian.org (full text, mbox):

From: Sven Joachim <svenjoac@gmx.de>
To: 616711-submitter@bugs.debian.org
Subject: Bug#616711 marked as pending
Date: Tue, 08 Mar 2011 20:09:30 +0000
tag 616711 pending
thanks

Hello,

Bug #616711 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=collab-maint/ncurses.git;a=commitdiff;h=c79e2f6

---
commit c79e2f6b56a72194d63ee57346af9f606374aede
Author: Sven Joachim <svenjoac@gmx.de>
Date:   Tue Mar 8 20:37:52 2011 +0100

    New upstream patchlevel
    
    Fixes the bad checks in newwin() that broke newsbeuter, tig and
    probably several other applications.

diff --git a/debian/changelog b/debian/changelog
index 145aebf..d3dc52a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,12 @@
-ncurses (5.8-2) UNRELEASED; urgency=low
+ncurses (5.8+20110307-1) UNRELEASED; urgency=low
 
+  * New upstream patchlevel.
+    - Fixes bad bound checks in newwin() (Closes: #616711, #617210).
   * Update years in debian/copyright.
   * Add a debian/watch.patchlevel file for checking/downloading weekly
     snapshots with uscan.
 
- -- Sven Joachim <svenjoac@gmx.de>  Tue, 08 Mar 2011 19:54:45 +0100
+ -- Sven Joachim <svenjoac@gmx.de>  Tue, 08 Mar 2011 20:32:23 +0100
 
 ncurses (5.8-1) unstable; urgency=low
 
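Review bot: The added bullet "Fixes bad bound checks in newwin()" names the function but not the effect users saw. The commit message says the bad checks broke newsbeuter, tig and probably several other applications; putting that in the changelog entry as well would let someone reading only the changelog tell whether their startup crash is this bug. The first line of the entry also still reads UNRELEASED, which has to become the target distribution before the upload.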




Reply sent to Sven Joachim <svenjoac@gmx.de>:
You have taken responsibility. (Wed, 09 Mar 2011 03:21:08 GMT) Full text and rfc822 format available.

Notification sent to Stefano Zacchiroli <zack@debian.org>:
Bug acknowledged by developer. (Wed, 09 Mar 2011 03:21:08 GMT) Full text and rfc822 format available.

Message #68 received at 616711-close@bugs.debian.org (full text, mbox):

From: Sven Joachim <svenjoac@gmx.de>
To: 616711-close@bugs.debian.org
Subject: Bug#616711: fixed in ncurses 5.8+20110307-1
Date: Wed, 09 Mar 2011 03:18:52 +0000
Source: ncurses
Source-Version: 5.8+20110307-1

We believe that the bug you reported is fixed in the latest version of
ncurses, which is due to be installed in the Debian FTP archive:

lib32ncurses5-dev_5.8+20110307-1_amd64.deb
  to main/n/ncurses/lib32ncurses5-dev_5.8+20110307-1_amd64.deb
lib32ncurses5_5.8+20110307-1_amd64.deb
  to main/n/ncurses/lib32ncurses5_5.8+20110307-1_amd64.deb
lib32ncursesw5-dev_5.8+20110307-1_amd64.deb
  to main/n/ncurses/lib32ncursesw5-dev_5.8+20110307-1_amd64.deb
lib32ncursesw5_5.8+20110307-1_amd64.deb
  to main/n/ncurses/lib32ncursesw5_5.8+20110307-1_amd64.deb
libncurses5-dbg_5.8+20110307-1_amd64.deb
  to main/n/ncurses/libncurses5-dbg_5.8+20110307-1_amd64.deb
libncurses5-dev_5.8+20110307-1_amd64.deb
  to main/n/ncurses/libncurses5-dev_5.8+20110307-1_amd64.deb
libncurses5_5.8+20110307-1_amd64.deb
  to main/n/ncurses/libncurses5_5.8+20110307-1_amd64.deb
libncursesw5-dbg_5.8+20110307-1_amd64.deb
  to main/n/ncurses/libncursesw5-dbg_5.8+20110307-1_amd64.deb
libncursesw5-dev_5.8+20110307-1_amd64.deb
  to main/n/ncurses/libncursesw5-dev_5.8+20110307-1_amd64.deb
libncursesw5_5.8+20110307-1_amd64.deb
  to main/n/ncurses/libncursesw5_5.8+20110307-1_amd64.deb
ncurses-base_5.8+20110307-1_all.deb
  to main/n/ncurses/ncurses-base_5.8+20110307-1_all.deb
ncurses-bin_5.8+20110307-1_amd64.deb
  to main/n/ncurses/ncurses-bin_5.8+20110307-1_amd64.deb
ncurses-doc_5.8+20110307-1_all.deb
  to main/n/ncurses/ncurses-doc_5.8+20110307-1_all.deb
ncurses-examples_5.8+20110307-1_amd64.deb
  to main/n/ncurses/ncurses-examples_5.8+20110307-1_amd64.deb
ncurses-term_5.8+20110307-1_all.deb
  to main/n/ncurses/ncurses-term_5.8+20110307-1_all.deb
ncurses_5.8+20110307-1.debian.tar.gz
  to main/n/ncurses/ncurses_5.8+20110307-1.debian.tar.gz
ncurses_5.8+20110307-1.dsc
  to main/n/ncurses/ncurses_5.8+20110307-1.dsc
ncurses_5.8+20110307.orig.tar.gz
  to main/n/ncurses/ncurses_5.8+20110307.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 616711@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenjoac@gmx.de> (supplier of updated ncurses package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 08 Mar 2011 20:32:23 +0100
Source: ncurses
Binary: libncurses5 libncurses5-dev libncurses5-dbg libncursesw5 libncursesw5-dev libncursesw5-dbg lib64ncurses5 lib64ncurses5-dev lib32ncurses5 lib32ncurses5-dev lib32ncursesw5 lib32ncursesw5-dev ncurses-bin ncurses-base ncurses-term ncurses-examples ncurses-doc
Architecture: source amd64 all
Version: 5.8+20110307-1
Distribution: unstable
Urgency: low
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Description: 
 lib32ncurses5 - shared libraries for terminal handling (32-bit)
 lib32ncurses5-dev - developer's libraries for ncurses (32-bit)
 lib32ncursesw5 - shared libraries for terminal handling (wide character support) (
 lib32ncursesw5-dev - developer's libraries for ncursesw (32-bit)
 lib64ncurses5 - shared libraries for terminal handling (64-bit)
 lib64ncurses5-dev - developer's libraries for ncurses (64-bit)
 libncurses5 - shared libraries for terminal handling
 libncurses5-dbg - debugging/profiling libraries for ncurses
 libncurses5-dev - developer's libraries for ncurses
 libncursesw5 - shared libraries for terminal handling (wide character support)
 libncursesw5-dbg - debugging/profiling libraries for ncursesw
 libncursesw5-dev - developer's libraries for ncursesw
 ncurses-base - basic terminal type definitions
 ncurses-bin - terminal-related programs and man pages
 ncurses-doc - developer's guide and documentation for ncurses
 ncurses-examples - test programs and examples for ncurses
 ncurses-term - additional terminal type definitions
Closes: 616711 617210
Changes: 
 ncurses (5.8+20110307-1) unstable; urgency=low
 .
   * New upstream patchlevel.
     - Fixes bad bound checks in newwin() (Closes: #616711, #617210).
   * Update years in debian/copyright.
   * Add a debian/watch.patchlevel file for checking/downloading weekly
     snapshots with uscan.
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk122dsACgkQx2zlrBLK36UInwCeK59jS6HW8INN+Haqv/v2fXfk
DdYAoJWzvNbTX0AIL7Xk25elSPZouY56
=dbv7
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 04 May 2011 07:33:44 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 22:11:47 2014; Machine Name: buxtehude.debian.org
