Bug 1066168 - [abrt] dialog: unescape_argv(): dialog killed by SIGSEGV
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: dialog
Version: 20
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Lichvar
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:44936c701fe98a474ec499b2784...
Depends On:
Blocks:
Reported: 2014-02-17 22:11 UTC by Robert Strickler
Modified: 2014-02-20 23:09 UTC (History)

Fixed In Version: dialog-1.2-7.20140219.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-02-20 13:30:04 UTC


Attachments
File: backtrace (deleted), 2014-02-17 22:11 UTC, Robert Strickler
File: cgroup (deleted), 2014-02-17 22:11 UTC, Robert Strickler
File: core_backtrace (deleted), 2014-02-17 22:11 UTC, Robert Strickler
File: dso_list (deleted), 2014-02-17 22:12 UTC, Robert Strickler
File: environ (deleted), 2014-02-17 22:12 UTC, Robert Strickler
File: exploitable (deleted), 2014-02-17 22:12 UTC, Robert Strickler
File: limits (deleted), 2014-02-17 22:12 UTC, Robert Strickler
File: maps (deleted), 2014-02-17 22:12 UTC, Robert Strickler
File: open_fds (deleted), 2014-02-17 22:12 UTC, Robert Strickler
File: proc_pid_status (deleted), 2014-02-17 22:12 UTC, Robert Strickler
File: var_log_messages (deleted), 2014-02-17 22:12 UTC, Robert Strickler

Description Robert Strickler 2014-02-17 22:11:51 UTC
Description of problem:
Submitted malformed dialog command line. Resolved before ABRT presented notification, so I don't have the submitted arg file.

Version-Release number of selected component:
dialog-1.2-4.20130902.fc20

Additional info:
reporter:       libreport-2.1.12
backtrace_rating: 4
cmdline:        dialog --title 'Only 1 candidate device found' --file /tmp/rpi2 --yesno 15 50 --defaultno
crash_function: unescape_argv
executable:     /usr/bin/dialog
kernel:         3.12.10-300.fc20.x86_64
runlevel:       unknown
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (1 frames)
 #0 unescape_argv at dialog.c:369

Comment 1 Robert Strickler 2014-02-17 22:11:56 UTC
Created attachment 864303
File: backtrace

Comment 2 Robert Strickler 2014-02-17 22:11:57 UTC
Created attachment 864304
File: cgroup

Comment 3 Robert Strickler 2014-02-17 22:11:59 UTC
Created attachment 864305
File: core_backtrace

Comment 4 Robert Strickler 2014-02-17 22:12:01 UTC
Created attachment 864306
File: dso_list

Comment 5 Robert Strickler 2014-02-17 22:12:02 UTC
Created attachment 864307
File: environ

Comment 6 Robert Strickler 2014-02-17 22:12:05 UTC
Created attachment 864308
File: exploitable

Comment 7 Robert Strickler 2014-02-17 22:12:08 UTC
Created attachment 864309
File: limits

Comment 8 Robert Strickler 2014-02-17 22:12:12 UTC
Created attachment 864310
File: maps

Comment 9 Robert Strickler 2014-02-17 22:12:13 UTC
Created attachment 864311
File: open_fds

Comment 10 Robert Strickler 2014-02-17 22:12:14 UTC
Created attachment 864312
File: proc_pid_status

Comment 11 Robert Strickler 2014-02-17 22:12:16 UTC
Created attachment 864313
File: var_log_messages

Comment 12 Miroslav Lichvar 2014-02-18 13:57:06 UTC
I can reproduce it with

dialog --file <(echo aaa) --yesno 15 50

The latest upstream dialog (20140112) seems to crash too. CCing upstream maintainer.

Comment 13 Thomas E. Dickey 2014-02-19 01:09:46 UTC
I see - basically the problem is that the cases I tested all had more than one token (so the adjustment-loop is wrong). Will fix...

Comment 14 Thomas E. Dickey 2014-02-20 01:25:56 UTC
I've uploaded a fixed version.

Comment 15 Miroslav Lichvar 2014-02-20 13:30:04 UTC
Thanks, Thomas.

Comment 16 Thomas E. Dickey 2014-02-20 23:09:54 UTC
no problem (report bugs)

