From owner-freebsd-bugs@FreeBSD.ORG Sun May 25 12:50:05 2008
Date: Sun, 25 May 2008 12:50:05 GMT
Message-Id: <200805251250.m4PCo5YK035060@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Kris Kennaway
Subject: Re: bin/123977: Segmentation fault in dialog with ghostscript-gpl-nox11 port
List-Id: Bug reports

The following reply was made to PR bin/123977; it has been noted by GNATS.
From: Kris Kennaway
To: Jille
Cc: FreeBSD-gnats-submit@FreeBSD.org, Ed
Subject: Re: bin/123977: Segmentation fault in dialog with ghostscript-gpl-nox11 port
Date: Sun, 25 May 2008 14:43:39 +0200

Jille wrote:
>
>
> Kris Kennaway wrote:
>> Jille wrote:
>>
>>>> Environment:
>>> System: FreeBSD bob.omicidio.nl 6.2-RELEASE-p9 FreeBSD 6.2-RELEASE-p9
>>> #0: Sun Jan 13 12:50:30 CET 2008
>>> quis@bob.omicidio.nl:/usr/obj/usr/src/sys/BOB i386
>>>
>>> libdialog.so.5 => /usr/lib/libdialog.so.5 (0x2807b000)
>>> libncurses.so.6 => /lib/libncurses.so.6 (0x28094000)
>>> libc.so.6 => /lib/libc.so.6 (0x280d3000)
>>>> Description:
>>> When trying make config in /usr/ports/print/ghostscript-gpl-nox11,
>>> I get a normal dialog (with a lot of options, might be a/the
>>> problem ?)
>>> When I hit OK, Dialog crashes with SIGSEGV (when hitting Cancel
>>> it doesn't crash)
>>> Output:
>>> Segmentation fault (core dumped)
>>> ===> Options unchanged
>>>
>>> # portsnap fetch extract
>>> didn't solve the problem
>>>> How-To-Repeat:
>>> cd /usr/ports/print/ghostscript-gpl-nox11
>>> make config
>>> tab, enter (OK)
>>>> Fix:
>>> Unfortunately I couldn't get a backtrace.
>>> (Recompiled dialog and libndialog with -g)
>>> I can give the memory addresses in the backtrace, but they seem
>>> quite useless.
>>> I'm willing to provide help of course, so tell me what to do :)
>>>
>>> Note: the recompiled dialog and libndialog were the 6.3-sources!
>>> (I had 6.3 checked out, and compiled, to be able to upgrade with a
>>> few commands)
>>> However the crash also occurred with the original 6.2-source.
>>
>> In order to proceed with this we need either a reliable way to
>> reproduce this, or a backtrace.
> I just tested and couldn't reproduce it on 6.3-p2 with the same port
> (that system does have X11)
> I can reproduce it on the 6.2 box.
>
> Could you tell me what to do to produce a backtrace ?

The process is documented in the developers handbook.
> The backtrace I could get (without function names, files, linenos etc)
> was huge, I didn't make it to the top (> 500).
> I can try to dump it entirely, might it ever stop.
>
> I can also upload my dialog-binary, dialog-core, libdialog-with-debug,
> and libc somewhere ?
>
> I have compiled dialog and libdialog with -g, should I also do it with
> libc ?

It may be necessary, but if it is crashing in dialog then those parts of
the backtrace should be fine at least.  If you are not seeing any
file:line details then something went wrong with your -g binaries,
e.g. they were stripped when they were installed.

> A few minutes after submitting this PR I saw
> http://www.freebsd.org/cgi/query-pr.cgi?pr=gnu/45168
> A buffer overflow in dialog, when having too many options selected
> (MAX_LEN (output length) = 2048, and they're using strcpy)

Yes, the dialog code is quite "low-grade" :)

> (The category should be changed from bin -> gnu btw, missed the gnu in
> the list)
>
> I'm gonna try to get to the top of the backtrace now.

Kris
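The overflow Jille points at in gnu/45168 (a fixed 2048-byte output buffer filled with strcpy) is the kind of defect that only surfaces once enough options are selected, which fits the report: OK assembles the result string, Cancel does not. The C below is an added illustration and is not dialog's or FreeBSD's code. It models the unchecked copy next to a bounded version and drives both with a constructed option list; the option names, their 11-byte shape and the threshold the model reports are assumptions of the model, not measurements of the real binary.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed-size output buffer, the size quoted from gnu/45168.  Everything
 * else in this file is a simplified stand-in, not dialog's code. */
#define MAX_LEN 2048

/*
 * Unbounded join: the pattern described in the thread (copy every selected
 * option into a fixed buffer with no length check).  Once the selection is
 * long enough this writes past `out`; on a stack buffer that clobbers the
 * caller's frame and typically shows up as SIGSEGV when the function
 * returns.  Kept only to show the defect; never call it with a selection
 * that may not fit.
 */
static void join_selected_unbounded(char *out, const char **names, int n)
{
    out[0] = '\0';
    for (int i = 0; i < n; i++) {
        strcat(out, names[i]);
        strcat(out, " ");
    }
}

/*
 * Bounded join: same output format, but every copy is checked against the
 * remaining capacity.  Returns 0 on success, -1 if the selection would not
 * fit; on failure `out` is left empty so a caller cannot use a half-built
 * result by mistake.
 */
static int join_selected_bounded(char *out, size_t cap, const char **names, int n)
{
    size_t used = 0;

    if (cap == 0)
        return -1;
    out[0] = '\0';
    for (int i = 0; i < n; i++) {
        size_t len = strlen(names[i]);

        /* the name, one separator and the terminating NUL must all fit */
        if (len + 2 > cap - used) {
            out[0] = '\0';
            return -1;
        }
        memcpy(out + used, names[i], len);
        used += len;
        out[used++] = ' ';
        out[used] = '\0';
    }
    return 0;
}

/* Bytes the joined string needs, including the terminating NUL. */
static size_t required_length(const char **names, int n)
{
    size_t total = 1;
    for (int i = 0; i < n; i++)
        total += strlen(names[i]) + 1;
    return total;
}

/*
 * Constructed selection: n synthetic names ("OPTION_000", ...) standing in
 * for a port's OPTIONS list (assumed shape, not a real port).  Returns the
 * bounded join's result code for a MAX_LEN buffer, so a caller can see
 * where a selection of this shape stops fitting.
 */
static int synthetic_selection_fits(int n)
{
    char (*storage)[16];
    const char **names;
    char out[MAX_LEN];
    int rc = -1;

    if (n <= 0)
        return 0;
    storage = malloc((size_t)n * sizeof *storage);
    names = malloc((size_t)n * sizeof *names);
    if (storage != NULL && names != NULL) {
        for (int i = 0; i < n; i++) {
            snprintf(storage[i], sizeof storage[i], "OPTION_%03d", i);
            names[i] = storage[i];
        }
        rc = join_selected_bounded(out, sizeof out, names, n);
    }
    free(names);
    free(storage);
    return rc;
}

int main(void)
{
    /* With 11 bytes per synthetic option, 186 fit in 2048 and 187 do not. */
    for (int n = 185; n <= 188; n++)
        printf("%d options: %s\n", n,
               synthetic_selection_fits(n) == 0 ? "fits" : "would overflow MAX_LEN");
    return 0;
}
```

The bounded version fails closed rather than truncating: a silently shortened option string would be handed back to the ports framework as if it were the full selection, which is a quieter bug than the crash it replaces. The unbounded function is exercised only with input that fits; the test exercises the bounded one with the overflow case.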