Issue 35924: curses segfault resizing window (original) (raw)

Created on 2019-02-07 00:02 by Josiah Ulfers, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
cursesfault.py Josiah Ulfers,2019-02-07 00:02
Pull Requests
URL Status Linked Edit
PR 13209 merged a.badger,2019-05-08 19:38
Messages (9)
msg334991 - (view) Author: Josiah Ulfers (Josiah Ulfers) Date: 2019-02-07 00:02
To provoke a segmentation fault, run the attached, then grab the top or bottom edge of the window. Move it down or up until it overlaps the box. Might need to wiggle the edge a little, but it's reliably reproducible. Expected error, which is what happens when dragging the left or right edge instead of the top or bottom: Traceback (most recent call last): File "cursesfault.py", line 12, in curses.wrapper(main) File "/usr/lib64/python3.6/curses/__init__.py", line 94, in wrapper return func(stdscr, *args, **kwds) File "cursesfault.py", line 9, in main w.addstr(0, 0, box) _curses.error: addwstr() returned ERR Actual error message varies a little. It's either: *** Error in `python3': corrupted size vs. prev_size: 0x000055b3055ba820 *** Aborted (core dumped) Or: *** Error in `python3': double free or corruption (!prev): 0x000055b61e1ffbb0 *** Aborted (core dumped) Or: *** Error in `python': malloc(): memory corruption: 0x0000564907a5a4f0 *** Aborted (core dumped) Possibly relates to --- Python 2.7.14 and 3.6.5 OpenSUSE 15.0 KDE Plasma 5.12.6 uname -a Linux ... 4.12.14-lp150.12.45-default #1 SMP Mon Jan 14 20:29:59 UTC 2019 (7a62739) x86_64 x86_64 x86_64 GNU/Linux
msg337718 - (view) Author: Lisa Roach (lisroach) * (Python committer) Date: 2019-03-12 04:06
I am able to confirm the repro, I haven't been able to find the root cause of it yet though. Trying to dig into it.
msg341802 - (view) Author: Toshio Kuratomi (a.badger) * Date: 2019-05-07 19:09
I'm still debugging this but it may be an off-by-one error in ncurses, wresize.c. I've found that if I modify the following section in ncurses, our problem goes away: /* * Dispose of unwanted memory. */ if (!(win->_flags & _SUBWIN)) { if (ToCols == size_x) { for (row = ToLines + 1; row <= size_y; row++) { free(win->_line[row].text); } } else { for (row = 0; row <= size_y; row++) { free(win->_line[row].text); } } } free(win->_line); win->_line = new_lines; Replacing: for (row = ToLines + 1; row <= size_y; row++) { with: for (row = ToLines + 2; row <= size_y; row++) { fixes this error. ToLines is a parameter passed in to wresize. wresize will reuse ToLines number of rows from the old structure in the new structure. Due to that, I think that the chances are good that it is ncurses which is at fault here. I will try to rewrite the test case into a C program and then submit a bug report to ncurses upstream. I'm not sure that there's a way we can work around this until that's fixed.
msg341893 - (view) Author: Toshio Kuratomi (a.badger) * Date: 2019-05-08 15:53
I've diagnosed this a bit further and have a workaround for you. It appears that using addstr() with a string with embedded newlines is a piece of the problem. If I modify your example program so that we add each line as a separate string instead of adding them as a single string with embedded newlines, we get the ncurses ERR on resize instead of a segfault: import curses def main(stdscr): y, x = curses.LINES//3, curses.COLS//3 # size is arbitrary box = '\n'.join('+'*x for _ in range(y)) w = stdscr.subwin(y, x+1, y, x) while True: new_box = box[:] w.clear() for offset, line in enumerate(box.splitlines()): w.addstr(offset, 0, line) w.getch() # not required, just avoids a hot loop curses.wrapper(main) I don't see anything in the curses specification that forbids embedded newlines in the string to addstr(), though, so I am still thinking that this is a bug in ncurses.
msg341925 - (view) Author: Toshio Kuratomi (a.badger) * Date: 2019-05-08 18:29
My upstream (ncurses) bug report: http://lists.gnu.org/archive/html/bug-ncurses/2019-05/msg00010.html
msg342266 - (view) Author: Toshio Kuratomi (a.badger) * Date: 2019-05-12 21:12
Hi Josiah, I've tested my sample program and it looks like the segmentation fault is fixed with ncurses-6.1-20190511: http://lists.gnu.org/archive/html/bug-ncurses/2019-05/msg00013.html Are you able to give that a try and see whether it resolves the issue for you as well? For the Core devs; Assuming this is fixed in a newer ncurses, how would you like to proceed with this bug? I have a documentation PR to tell people about the bug in ncurses and the workaround: https://github.com/python/cpython/pull/13209 I can update that to mention the version of ncurses that this is fixed in if you want that. Other than that, I'm not sure what more we can do.
msg342776 - (view) Author: Lisa Roach (lisroach) * (Python committer) Date: 2019-05-17 22:54
Thank you for all the work you did on this Toshio! I think we are good to close this issue.
msg342786 - (view) Author: Josiah Ulfers (Josiah Ulfers) Date: 2019-05-18 02:36
Yes, thanks Toshio and Lisa and sorry for the slow response. I just now built a Python 3.7.3 against ncurses-6.1-20190511 and can confirm it resolved the issue.
msg342787 - (view) Author: Josiah Ulfers (Josiah Ulfers) Date: 2019-05-18 02:38
Yes, thanks Toshio and Lisa and sorry for the slow response. I just now built a Python 3.7.3 against ncurses-6.1-20190511 and can confirm it resolved the issue.
History
Date User Action Args
2022-04-11 14:59:11 admin set github: 80105
2019-05-18 02:38:00 Josiah Ulfers set status: closedmessages: +
2019-05-18 02:36:11 Josiah Ulfers set status: open -> (no value)messages: +
2019-05-17 22:54:43 lisroach set messages: + stage: patch review -> resolved
2019-05-12 21:12:02 a.badger set messages: +
2019-05-08 19:38:22 a.badger set keywords: + patchstage: patch reviewpull_requests: + <pull%5Frequest13120>
2019-05-08 18:29:50 a.badger set messages: +
2019-05-08 15:53:50 a.badger set messages: +
2019-05-07 19:09:11 a.badger set nosy: + a.badgermessages: +
2019-03-12 04:06:32 lisroach set nosy: + lisroachmessages: +
2019-02-10 08:49:07 SilentGhost set nosy: + twouters
2019-02-07 00:02:21 Josiah Ulfers create