Bug#974888: growlight: Reproducibly segfaults on pressing F1

[Axel Beckert]

Control: retitle -1 Segfaults on pressing function keys (e.g. F2)
Control: found -1 1.2.22-1
Control: tag -1 +unreproducible

Hi Nick,

Nick Black wrote:
> retitle 974888 segfaults sometimes on shutdown

Sorry, but that's not what the bug report is about.

(It was also missing a "Control:" prefix or a Bcc/Cc to
control@bugs.d.o, so it was not effective anyway.)

I've allowed myself to update the bug report title a bit anyway since
pressing F1 now works.

> I can reproduce the segfault when shutting down on about 20% of
> my runs.

Explains why I couldn't reproduce it when I tried it a second time.

> The key to getting a coredump with a sudo process is […]

Thanks for the suggestion, but I don't use sudo.

> `ulimit -c unlimited`

That was the right hint, thanks! For some reason I've disable
coredumps in my zsh config in 2011, but for some reason it didn't seem
to have an effect until recently. I'm sure I disassembled quite some
backtraces in the past few years. Strange. But oh well, issue found,
issue fixed.

Unfortunately the backtrace is not better than before:

/var/crash/0 # gdb =growlight 
16204-0-0-11-1606666623-c6--usr-sbin-growlight.core
GNU gdb (Debian 10.1-1+b1) 10.1
Copyright (C) 2020 Free Software Foundation, Inc.
[…yada yada…]
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/growlight...
Reading symbols from 
/usr/lib/debug/.build-id/fd/9c21157fc5ce0b626d6f467dd9837a8da15e4c.debug...
Illegal process-id: 16204-0-0-11-1606666623-c6--usr-sbin-growlight.core.
[New LWP 16204]
[New LWP 16414]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `growlight'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000056016ad7aa11 in handle_input (w=<optimized out>)
    at ./src/notcurses/notcurses.c:5598
5598    ./src/notcurses/notcurses.c: No such file or directory.
[Current thread is 1 (Thread 0x7f30cbfca300 (LWP 16204))]
(gdb) bt
#0  0x000056016ad7aa11 in handle_input (w=<optimized out>)
    at ./src/notcurses/notcurses.c:5598
#1  main (argc=<optimized out>, argv=<optimized out>)
    at ./src/notcurses/notcurses.c:6133
(gdb)

> i can't reproduce this segfault on other function keys at all.

Tagging the bug report to "unreproducible" then. Makes it probably
more clear for others what's the state of this issue.

> are you still seeing it with 1.2.22-1?

Yep. See above. Tried several times, at least two times with F2 and
once with F3. Always segfaulted for me. :-/

Full output seen after the crash:

~ # growlight
Term: 58x80 xterm-256color (xterm with 256 colors)

 notcurses 2.0.8 by nick black et al
  58 rows 80 cols (72.50KiB) 16B cells 256 colors
  compiled with gcc-10.2.0, little-endian
  terminfo from ncurses 6.2.20201114
  avformat 58.45.100 avutil 56.51.100 swscale 5.7.100

 Warning! Colors subject to https://github.com/dankamongmen/notcurses/issues/4
  Specify a (correct) TrueColor TERM, or COLORTERM=24bit.
[1]    21885 segmentation fault (core dumped)  growlight

Also tried a different terminal size and setting different values for
$TERM and $COLORTERM, but same outcome:

~ # env COLORTERM=24bit growlight
Term: 92x319 xterm-256color (xterm with 256 colors)

 notcurses 2.0.8 by nick black et al
  92 rows 319 cols (458.56KiB) 16B cells 256 colors+RGB
  compiled with gcc-10.2.0, little-endian
  terminfo from ncurses 6.2.20201114
  avformat 58.45.100 avutil 56.51.100 swscale 5.7.100
[1]    25420 segmentation fault (core dumped)  env COLORTERM=24bit growlight

~ # env TERM=xterm growlight
Term: 58x80 xterm (xterm terminal emulator (X Window System))

 notcurses 2.0.8 by nick black et al
  58 rows 80 cols (72.50KiB) 16B cells 8 colors
  compiled with gcc-10.2.0, little-endian
  terminfo from ncurses 6.2.20201114
  avformat 58.45.100 avutil 56.51.100 swscale 5.7.100

 Warning! Colors subject to https://github.com/dankamongmen/notcurses/issues/4
  Specify a (correct) TrueColor TERM, or COLORTERM=24bit.
[1]    26129 segmentation fault (core dumped)  env TERM=xterm growlight

Also tried a VTE based terminal, which btw. also sets
TERM=xterm-256color, instead of (u)xterm. So I tried KiTTY which sets
TERM=xterm-kitty. No difference either.

Feel free to ping me once notcurses 2.0.10 is uploaded to unstable or
experimental and I'll happily test again.

I also tried a few other programs linked against notcurses to see if I
can reproduce this elsewhere, but so far no luck. I tried:

* notcurses-demo (package notcurses-bin; cool demo btw!)
* notcurses-input (package notcurses-bin)
* notcurses-tetris (package notcurses-bin)
* snd.nox (package snd-nox)

None of them crashed on pressing a function row key.

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE