Dear Maintainer, I tried to have a look and received the backtrace below [3].
As far as I can see, 4.8.27 in current testing is not affected. A 'git bisect' led to the upstream commit [1], which is tracked in upstream bug [2]. A package 4.8.26 built with this commit also works as expected (see attached patch). Kind regards, Bernhard [1] https://github.com/MidnightCommander/mc/commit/0375997c789eef9b6355aadd80aaf4aced68c560 [2] https://midnight-commander.org/ticket/4244 [3] Program terminated with signal SIGSEGV, Segmentation fault. #0 widget_set_size (w=0x0, y=y@entry=59, x=<optimized out>, lines=lines@entry=1, cols=cols@entry=19) at widget-common.c:450 450 if (w->owner != NULL && widget_get_state (WIDGET (w->owner), WST_ACTIVE)) (gdb) set width 0 (gdb) set pagination off (gdb) bt #0 widget_set_size (w=0x0, y=y@entry=59, x=<optimized out>, lines=lines@entry=1, cols=cols@entry=19) at widget-common.c:450 #1 0x000055d9c539ae14 in setup_cmdline () at layout.c:999 #2 0x000055d9c53f54d0 in set_prompt_string () at common.c:728 #3 set_prompt_string () at common.c:720 #4 read_subshell_prompt () at common.c:1575 #5 0x000055d9c539be56 in do_load_prompt () at layout.c:1473 #6 0x000055d9c539bee6 in load_prompt (fd=<optimized out>, unused=<optimized out>) at layout.c:1502 #7 0x000055d9c5397a4a in check_selects (select_set=select_set@entry=0x7ffe62e65cd0) at key.c:618 #8 0x000055d9c53998e1 in tty_get_event (event=event@entry=0x7ffe62e65da0, redo_event=0, block=block@entry=1) at key.c:2055 #9 0x000055d9c5380d01 in frontend_dlg_run (h=0x55d9c66744c0) at dialog.c:318 #10 dlg_run (h=h@entry=0x55d9c66744c0) at dialog.c:575 #11 0x000055d9c53ad165 in quick_dialog_skip (quick_dlg=quick_dlg@entry=0x7ffe62e65ed0, nskip=<optimized out>, nskip@entry=1) at quick.c:581 #12 0x000055d9c53c01c6 in quick_dialog (quick_dlg=0x7ffe62e65ed0) at ../../lib/widget/quick.h:353 #13 fg_input_dialog_help (header=0x55d9c66732c0 "FTP: Passwort benötigt für ftpuser", text=<optimized out>, help=0x55d9c5428833 "[Input Line Keys]", history_name=<optimized out>, def_text=0x55d9c542e960
"", strip_password=0, completion_flags=INPUT_COMPLETE_NONE) at wtools.c:226 #14 0x000055d9c53c0eeb in input_dialog (header=header@entry=0x55d9c66732c0 "FTP: Passwort benötigt für ftpuser", text=<optimized out>, history_name=history_name@entry=0x55d9c542872a "mc.vfs.password", def_text=def_text@entry=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>, completion_flags=completion_flags@entry=INPUT_COMPLETE_NONE) at wtools.c:506 #15 0x000055d9c53be3f4 in vfs_get_password (msg=msg@entry=0x55d9c66732c0 "FTP: Passwort benötigt für ftpuser") at utilvfs.c:365 #16 0x000055d9c53c5d21 in ftpfs_login_server (me=me@entry=0x55d9c5479e60 <ftpfs_subclass>, super=super@entry=0x55d9c6673210, netrcpass=netrcpass@entry=0x0) at ftpfs.c:643 #17 0x000055d9c53c7bb8 in ftpfs_open_archive_int (super=0x55d9c6673210, me=0x55d9c5479e60 <ftpfs_subclass>) at ftpfs.c:973 #18 ftpfs_open_archive (super=0x55d9c6673210, vpath=<optimized out>, vpath_element=<optimized out>) at ftpfs.c:1028 #19 0x000055d9c53ccb1b in vfs_s_get_path (vpath=vpath@entry=0x55d9c6672f10, archive=archive@entry=0x7ffe62e66450, flags=flags@entry=0) at direntry.c:1207 #20 0x000055d9c53ccc29 in vfs_s_inode_from_path (vpath=vpath@entry=0x55d9c6672f10, flags=flags@entry=5) at direntry.c:398 #21 0x000055d9c53cce01 in vfs_s_opendir (vpath=0x55d9c6672f10) at direntry.c:426 #22 0x000055d9c53cce86 in vfs_s_chdir (vpath=<optimized out>) at direntry.c:496 #23 0x000055d9c5397167 in mc_chdir (vpath=vpath@entry=0x55d9c6672d20) at interface.c:678 #24 0x000055d9c5387f95 in create_panels () at filemanager.c:665 #25 create_file_manager () at filemanager.c:924 #26 do_nc () at filemanager.c:1836 #27 0x000055d9c53754d1 in main (argc=<optimized out>, argv=<optimized out>) at main.c:463
commit 0375997c789eef9b6355aadd80aaf4aced68c560 Author: Andrew Borodin <aboro...@vmail.ru> Date: Tue May 18 10:09:33 2021 +0300 Ticket #4244: fix segfault on dialog before panels get visible. If some small dialog (error message or password request) is displayed before main mc window gets visible, the segfault occures. The cause of segfault is update of prompt that is not created yet. (setup_mc, create_file_manager): move creation of event channel from setup_mc() to create_file_manager(), make that after creation of all file manager widgets. Signed-off-by: Andrew Borodin <aboro...@vmail.ru>
Index: mc-4.8.26/src/filemanager/filemanager.c
===================================================================
--- mc-4.8.26.orig/src/filemanager/filemanager.c
+++ mc-4.8.26/src/filemanager/filemanager.c
@@ -858,11 +858,6 @@ setup_mc (void)
 #endif /* HAVE_CHARSET */
 #endif /* HAVE_SLANG */
-#ifdef ENABLE_SUBSHELL
- if (mc_global.tty.use_subshell)
- add_select_channel (mc_global.tty.subshell_pty, load_prompt, NULL);
-#endif /* !ENABLE_SUBSHELL */
-
 if ((tty_baudrate () < 9600) || mc_global.tty.slow_terminal)
 verbose = FALSE;
 }
@@ -941,6 +936,13 @@ create_file_manager (void)
 the_bar = buttonbar_new (mc_global.keybar_visible);
 group_add_widget (g, the_bar);
 midnight_set_buttonbar (the_bar);
+
+#ifdef ENABLE_SUBSHELL
+ /* Must be done after creation of cmdline and promt widgets to avoid potential
+ NULL dereference in load_prompt() -> ... -> setup_cmdline() -> label_set_text(). */
+ if (mc_global.tty.use_subshell)
+ add_select_channel (mc_global.tty.subshell_pty, load_prompt, NULL);
+#endif /* !ENABLE_SUBSHELL */
 }
 /* --------------------------------------------------------------------------------------------- */
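Review bot: In the block added at the end of `create_file_manager()`, the crash is avoided only by registration order; the patch adds no check on the `load_prompt()` -> ... -> `setup_cmdline()` path named in the new comment that the prompt widget exists, so a later change that registers the channel or raises a dialog earlier would bring back the same NULL dereference. Those callees are outside this patch, so this is inferred from the comment and the attached backtrace: a NULL check with an early return in the callback path would make the fix independent of ordering. Within the added lines, the comment has a typo and the closing directive names the wrong condition for an `#ifdef`; they should read `prompt widgets` and `#endif /* ENABLE_SUBSHELL */`. The body of `create_file_manager()` starts outside the hunk.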
# 11-Bullseye/testing amd64 qemu VM 2021-09-17 apt update apt dist-upgrade apt install systemd-coredump proftpd-basic ftp devscripts quilt gdb gdbserver mc apt install mc-dbgsym apt build-dep mc mkdir /home/benutzer/source/mc/orig -p cd /home/benutzer/source/mc/orig apt source mc cd mc -e /etc/proftpd/conf.d/custom.conf <Global> RequireValidShell off </Global> # Default directory is ftpusers home DefaultRoot ~ ftpuser # Limit login to the ftpuser group <Limit LOGIN> DenyGroup !ftpuser </Limit> systemctl restart proftpd.service adduser ftpuser --shell /bin/false --home /var/www/upload echo test > /var/www/upload/test ftp 127.0.0.1 ftpuser **** ls mc /tmp ftp://ftpuser@127.0.0.1/ journalctl -f Sep 17 13:31:55 debian kernel: mc[1459]: segfault at 38 ip 000055d9c53bf70c sp 00007ffe62e65b00 error 4 in mc[55d9c5373000+ad000] Sep 17 13:31:55 debian kernel: Code: 89 44 24 18 31 c0 89 34 24 89 54 24 04 89 4c 24 08 44 89 44 24 0c 48 85 ff 74 0f 49 89 e0 31 c9 ba 10 00 00 00 31 f6 ff 57 28 <48> 8b 45 38 48 85 c0 74 06 f6 40 1a 01 75 1d 48 8b 44 24 18 64 48 Sep 17 13:31:55 debian systemd[1]: Started Process Core Dump (PID 1464/UID 0). Sep 17 13:31:55 debian systemd-coredump[1465]: [🡕] Process 1459 (mc) of user 1000 dumped core. 
Stack trace of thread 1459: #0 0x000055d9c53bf70c widget_set_size (mc + 0x6570c) #1 0x000055d9c539ae14 setup_cmdline (mc + 0x40e14) #2 0x000055d9c53f54d0 set_prompt_string (mc + 0x9b4d0) #3 0x000055d9c539be56 do_load_prompt (mc + 0x41e56) #4 0x000055d9c539bee6 load_prompt (mc + 0x41ee6) #5 0x000055d9c5397a4a check_selects (mc + 0x3da4a) #6 0x000055d9c53998e1 tty_get_event (mc + 0x3f8e1) #7 0x000055d9c5380d01 frontend_dlg_run (mc + 0x26d01) #8 0x000055d9c53ad165 quick_dialog_skip (mc + 0x53165) #9 0x000055d9c53c01c6 quick_dialog (mc + 0x661c6) #10 0x000055d9c53c0eeb input_dialog (mc + 0x66eeb) #11 0x000055d9c53c5d21 ftpfs_login_server (mc + 0x6bd21) #12 0x000055d9c53c7bb8 ftpfs_open_archive_int (mc + 0x6dbb8) #13 0x000055d9c53ccb1b vfs_s_get_path (mc + 0x72b1b) #14 0x000055d9c53ccc29 vfs_s_inode_from_path (mc + 0x72c29) #15 0x000055d9c53cce01 vfs_s_opendir (mc + 0x72e01) #16 0x000055d9c53cce86 vfs_s_chdir (mc + 0x72e86) #17 0x000055d9c5397167 mc_chdir (mc + 0x3d167) #18 0x000055d9c5387f95 create_panels (mc + 0x2df95) #19 0x000055d9c53754d1 main (mc + 0x1b4d1) #20 0x00007fb6adefdd0a __libc_start_main (libc.so.6 + 0x26d0a) #21 0x000055d9c53759da _start (mc + 0x1b9da) Sep 17 13:31:55 debian systemd[1]: systemd-coredump@2-1464-0.service: Succeeded. 
coredumpctl list TIME PID UID GID SIG COREFILE EXE Fri 2021-09-17 13:31:55 CEST 1459 1000 1000 11 present /usr/bin/mc cd /home/benutzer/source/mc/orig/mc-4.8.26/lib/widget coredumpctl gdb 1459 PID: 1459 (mc) UID: 1000 (benutzer) GID: 1000 (benutzer) Signal: 11 (SEGV) Timestamp: Fri 2021-09-17 13:31:55 CEST (1min 7s ago) Command Line: mc /tmp ftp://ftpuser@127.0.0.1/ Executable: /usr/bin/mc Control Group: /user.slice/user-1000.slice/session-3.scope Unit: session-3.scope Slice: user-1000.slice Session: 3 Owner UID: 1000 (benutzer) Boot ID: 8934f05e303444b1adbc492a8a1eafe8 Machine ID: 33f18f39d2a9438eb75b0ed52848afcd Hostname: debian Storage: /var/lib/systemd/coredump/core.mc.1000.8934f05e303444b1adbc492a8a1eafe8.1459.1631878315000000.zst Message: Process 1459 (mc) of user 1000 dumped core. ... Core was generated by `mc /tmp ftp://ftpuser@127.0.0.1/'. Program terminated with signal SIGSEGV, Segmentation fault. #0 widget_set_size (w=0x0, y=y@entry=59, x=<optimized out>, lines=lines@entry=1, cols=cols@entry=19) at widget-common.c:450 450 if (w->owner != NULL && widget_get_state (WIDGET (w->owner), WST_ACTIVE)) (gdb) set width 0 (gdb) set pagination off (gdb) bt #0 widget_set_size (w=0x0, y=y@entry=59, x=<optimized out>, lines=lines@entry=1, cols=cols@entry=19) at widget-common.c:450 #1 0x000055d9c539ae14 in setup_cmdline () at layout.c:999 #2 0x000055d9c53f54d0 in set_prompt_string () at common.c:728 #3 set_prompt_string () at common.c:720 #4 read_subshell_prompt () at common.c:1575 #5 0x000055d9c539be56 in do_load_prompt () at layout.c:1473 #6 0x000055d9c539bee6 in load_prompt (fd=<optimized out>, unused=<optimized out>) at layout.c:1502 #7 0x000055d9c5397a4a in check_selects (select_set=select_set@entry=0x7ffe62e65cd0) at key.c:618 #8 0x000055d9c53998e1 in tty_get_event (event=event@entry=0x7ffe62e65da0, redo_event=0, block=block@entry=1) at key.c:2055 #9 0x000055d9c5380d01 in frontend_dlg_run (h=0x55d9c66744c0) at dialog.c:318 #10 dlg_run (h=h@entry=0x55d9c66744c0) 
at dialog.c:575 #11 0x000055d9c53ad165 in quick_dialog_skip (quick_dlg=quick_dlg@entry=0x7ffe62e65ed0, nskip=<optimized out>, nskip@entry=1) at quick.c:581 #12 0x000055d9c53c01c6 in quick_dialog (quick_dlg=0x7ffe62e65ed0) at ../../lib/widget/quick.h:353 #13 fg_input_dialog_help (header=0x55d9c66732c0 "FTP: Passwort benötigt für ftpuser", text=<optimized out>, help=0x55d9c5428833 "[Input Line Keys]", history_name=<optimized out>, def_text=0x55d9c542e960 "", strip_password=0, completion_flags=INPUT_COMPLETE_NONE) at wtools.c:226 #14 0x000055d9c53c0eeb in input_dialog (header=header@entry=0x55d9c66732c0 "FTP: Passwort benötigt für ftpuser", text=<optimized out>, history_name=history_name@entry=0x55d9c542872a "mc.vfs.password", def_text=def_text@entry=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>, completion_flags=completion_flags@entry=INPUT_COMPLETE_NONE) at wtools.c:506 #15 0x000055d9c53be3f4 in vfs_get_password (msg=msg@entry=0x55d9c66732c0 "FTP: Passwort benötigt für ftpuser") at utilvfs.c:365 #16 0x000055d9c53c5d21 in ftpfs_login_server (me=me@entry=0x55d9c5479e60 <ftpfs_subclass>, super=super@entry=0x55d9c6673210, netrcpass=netrcpass@entry=0x0) at ftpfs.c:643 #17 0x000055d9c53c7bb8 in ftpfs_open_archive_int (super=0x55d9c6673210, me=0x55d9c5479e60 <ftpfs_subclass>) at ftpfs.c:973 #18 ftpfs_open_archive (super=0x55d9c6673210, vpath=<optimized out>, vpath_element=<optimized out>) at ftpfs.c:1028 #19 0x000055d9c53ccb1b in vfs_s_get_path (vpath=vpath@entry=0x55d9c6672f10, archive=archive@entry=0x7ffe62e66450, flags=flags@entry=0) at direntry.c:1207 #20 0x000055d9c53ccc29 in vfs_s_inode_from_path (vpath=vpath@entry=0x55d9c6672f10, flags=flags@entry=5) at direntry.c:398 #21 0x000055d9c53cce01 in vfs_s_opendir (vpath=0x55d9c6672f10) at direntry.c:426 #22 0x000055d9c53cce86 in vfs_s_chdir (vpath=<optimized out>) at direntry.c:496 #23 0x000055d9c5397167 in mc_chdir (vpath=vpath@entry=0x55d9c6672d20) at interface.c:678 #24 
0x000055d9c5387f95 in create_panels () at filemanager.c:665 #25 create_file_manager () at filemanager.c:924 #26 do_nc () at filemanager.c:1836 #27 0x000055d9c53754d1 in main (argc=<optimized out>, argv=<optimized out>) at main.c:463 (gdb) display/i $pc 1: x/i $pc => 0x55d9c53bf70c <widget_set_size+60>: mov 0x38(%rbp),%rax (gdb) print/x $rbp $1 = 0x0 (gdb) print w $2 = (Widget *) 0x0 https://sources.debian.org/src/mc/3:4.8.26-1.1/lib/widget/widget-common.c/#L443 https://sources.debian.org/src/mc/3:4.8.27-1/lib/widget/widget-common.c/#L441 https://github.com/MidnightCommander/mc/commit/04f04ba130baf616f2d3f394a083c1323a5f79d2#diff-697046236ebdac93610dda08f694a7c4206813b800c687eb99eaaa32a287e53fR487 https://github.com/MidnightCommander/mc/commit/4b3b49faadd23fbd099fef7b8a52176e5b73d28d#diff-697046236ebdac93610dda08f694a7c4206813b800c687eb99eaaa32a287e53fR487 https://github.com/MidnightCommander/mc/commit/4faf4cb2d77dbe2a08d4c6d3ca7b87d0fff8487a#diff-697046236ebdac93610dda08f694a7c4206813b800c687eb99eaaa32a287e53fL450 gdbserver localhost:1234 mc /tmp ftp://ftpuser@127.0.0.1/ gdb -q set width 0 set pagination off target remote localhost:1234 b widget_set_size b label_set_text b tty_get_event cont directory /home/benutzer/source/mc/try5/mc-4.8.26/lib/tty directory /home/benutzer/source/mc/orig/mc-4.8.27/lib/tty git clone https://github.com/MidnightCommander/mc.git cd mc git checkout 4.8.26 ./autogen.sh ./configure make -j16 ./src/mc /tmp ftp://ftpuser@127.0.0.1/ make clean git reset --hard git checkout master git bisect start git bisect good a88a626e76139259e5b6fc0db39045f051e243dd git bisect bad 2b7c21bac6d656254ada7f5b116df3d7a832e469 ... git bisect bad 0375997c789eef9b6355aadd80aaf4aced68c560 is the first bad commit commit 0375997c789eef9b6355aadd80aaf4aced68c560 Author: Andrew Borodin <aboro...@vmail.ru> Date: Tue May 18 10:09:33 2021 +0300 Ticket #4244: fix segfault on dialog before panels get visible. 
If some small dialog (error message or password request) is displayed before main mc window gets visible, the segfault occures. The cause of segfault is update of prompt that is not created yet. (setup_mc, create_file_manager): move creation of event channel from setup_mc() to create_file_manager(), make that after creation of all file manager widgets. Signed-off-by: Andrew Borodin <aboro...@vmail.ru> src/filemanager/filemanager.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) https://github.com/MidnightCommander/mc/commit/0375997c789eef9b6355aadd80aaf4aced68c560