
Bug 1066168

Summary: [abrt] dialog: unescape_argv(): dialog killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: Robert Strickler <bugz.to.anomalyst>
Component: dialog
Assignee: Miroslav Lichvar <mlichvar>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20
CC: dickey, mlichvar
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/73787ed78c9bf67f80437db4b6089461db8ac262
Whiteboard: abrt_hash:44936c701fe98a474ec499b27840e426e542bdb3
Fixed In Version: dialog-1.2-7.20140219.fc21
Doc Type: Bug Fix
Last Closed: 2014-02-20 13:30:04 UTC
Attachments:
Description Flags
File: backtrace none
File: cgroup none
File: core_backtrace none
File: dso_list none
File: environ none
File: exploitable none
File: limits none
File: maps none
File: open_fds none
File: proc_pid_status none
File: var_log_messages none

Description Robert Strickler 2014-02-17 22:11:51 UTC
Description of problem:
Submitted malformed dialog command line. Resolved before ABRT presented notification, so I don't have the submitted arg file.

Version-Release number of selected component:
dialog-1.2-4.20130902.fc20

Additional info:
reporter:       libreport-2.1.12
backtrace_rating: 4
cmdline:        dialog --title 'Only 1 candidate device found' --file /tmp/rpi2 --yesno 15 50 --defaultno
crash_function: unescape_argv
executable:     /usr/bin/dialog
kernel:         3.12.10-300.fc20.x86_64
runlevel:       unknown
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (1 frames)
 #0 unescape_argv at dialog.c:369

Comment 1 Robert Strickler 2014-02-17 22:11:56 UTC
Created attachment 864303
File: backtrace

Comment 2 Robert Strickler 2014-02-17 22:11:57 UTC
Created attachment 864304
File: cgroup

Comment 3 Robert Strickler 2014-02-17 22:11:59 UTC
Created attachment 864305
File: core_backtrace

Comment 4 Robert Strickler 2014-02-17 22:12:01 UTC
Created attachment 864306
File: dso_list

Comment 5 Robert Strickler 2014-02-17 22:12:02 UTC
Created attachment 864307
File: environ

Comment 6 Robert Strickler 2014-02-17 22:12:05 UTC
Created attachment 864308
File: exploitable

Comment 7 Robert Strickler 2014-02-17 22:12:08 UTC
Created attachment 864309
File: limits

Comment 8 Robert Strickler 2014-02-17 22:12:12 UTC
Created attachment 864310
File: maps

Comment 9 Robert Strickler 2014-02-17 22:12:13 UTC
Created attachment 864311
File: open_fds

Comment 10 Robert Strickler 2014-02-17 22:12:14 UTC
Created attachment 864312
File: proc_pid_status

Comment 11 Robert Strickler 2014-02-17 22:12:16 UTC
Created attachment 864313
File: var_log_messages

Comment 12 Miroslav Lichvar 2014-02-18 13:57:06 UTC
I can reproduce it with

dialog --file <(echo aaa) --yesno 15 50

The latest upstream dialog (20140112) seems to crash too. CCing upstream maintainer.

Comment 13 Thomas E. Dickey 2014-02-19 01:09:46 UTC
I see - basically the problem is that the cases I tested all had more than one token (so the adjustment-loop is wrong). Will fix...

Comment 14 Thomas E. Dickey 2014-02-20 01:25:56 UTC
I've uploaded a fixed version.

Comment 15 Miroslav Lichvar 2014-02-20 13:30:04 UTC
Thanks, Thomas.

Comment 16 Thomas E. Dickey 2014-02-20 23:09:54 UTC
no problem (report bugs)