classification
Title: curses: segfault in addstr()
Type: crash
Stage: needs patch
Components: Extension Modules
Versions: Python 3.2, Python 2.7
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: hut, serhiy.storchaka, vstinner
Priority: normal
Keywords:

Created on 2012-08-08 02:35 by hut, last changed 2013-08-13 23:50 by vstinner. This issue is now closed.

Messages (5)
msg167653 - (view) Author: (hut) Date: 2012-08-08 02:35
Under certain circumstances, the curses function addstr() will cause a segfault in python3.2.3 and python2.7.3.

Necessary, but not sufficient conditions are:
1. the window has been resized while curses was running
2. addstr() attempts to write a string that doesn't fit into the window, resulting in the cursor's y-position being outside of the boundaries (which would normally only raise a _curses.error)

Instead of the "Segmentation Fault" message, I also sometimes get one of these two messages when python crashes:
*** glibc detected *** python2.7: corrupted double-linked list: 0x0949cc98 ***
python2.7: malloc.c:3964: _int_free: Assertion `nextchunk->fd_nextsize->bk_nextsize == nextchunk' failed.

To my shame, I didn't try to debug python myself, and I can't offer a minimal program to reproduce this bug, but I did find a way to reproduce it in the python program "ranger":

Link to the bug in ranger's bug tracker with steps to reproduce:
https://github.com/hut/ranger/issues/45

Download link to the affected version of ranger:
https://github.com/hut/ranger/tarball/5ee1e874cc5f9136af3a9a835b76076a85693bd0
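An application-side guard for the two conditions listed in the report above (a window resized at runtime, and an addstr() string that does not fit), added here as an example; it is not part of the original report, of ranger, or of CPython. `clip_to_window` and `safe_addstr` are hypothetical helper names, and the clipping assumes one terminal column per character.

```python
import curses


def clip_to_window(text, y, x, max_y, max_x):
    """Return the part of text that fits on row y from column x,
    or None when (y, x) lies outside a window of max_y rows, max_x cols."""
    if not (0 <= y < max_y and 0 <= x < max_x):
        return None
    room = max_x - x
    # Filling the bottom-right cell pushes the cursor out of the window and
    # makes addstr() raise curses.error after drawing; leave that cell empty.
    if y == max_y - 1:
        room -= 1
    line = text.split("\n", 1)[0]  # never let a newline advance past the row
    return line[:room]             # assumption: one column per character


def safe_addstr(win, y, x, text, attr=0):
    """Write text clipped to the window's current size; return chars written."""
    # Re-read the size on every call: a value cached before a resize is stale.
    max_y, max_x = win.getmaxyx()
    clipped = clip_to_window(text, y, x, max_y, max_x)
    if not clipped:
        return 0
    try:
        win.addstr(y, x, clipped, attr)
    except curses.error:
        # The window may have shrunk between getmaxyx() and addstr().
        return 0
    return len(clipped)


def main(stdscr):
    while True:
        stdscr.erase()
        rows, _ = stdscr.getmaxyx()
        for row in range(rows + 5):            # deliberately overshoots
            safe_addstr(stdscr, row, 0, "x" * 500)
        key = stdscr.getch()                   # KEY_RESIZE arrives here
        if key == ord("q"):
            break
        # Any other key, including curses.KEY_RESIZE, redraws at the new size.


if __name__ == "__main__":
    curses.wrapper(main)
```

Run it in a terminal and resize the window; every redraw stays within the size reported by getmaxyx(), and `q` quits.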
msg173136 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2012-10-17 07:06
Is output a unicode string?
msg173145 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2012-10-17 08:58
Seems the bug was fixed for 3.3 in issue12567.
msg174855 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2012-11-05 00:41
> I can't offer a minimal program to reproduce this bug, but I did find a way to reproduce it in the python program "ranger"

Sorry, but without a smaller example program, I cannot help you on this issue. Please try to write a smaller program to reproduce the crash.
msg195108 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2013-08-13 23:50
"Seems the bug was fixed for 3.3 in issue12567."

"Sorry, but without a smaller example program, I cannot help you on this issue. Please try to write a smaller program to reproduce the crash."

Let's say that the bug was fixed.
History
Date User Action Args
2013-08-13 23:50:15 vstinner set status: open -> closed
resolution: fixed
messages: + msg195108
2012-11-05 00:41:41 vstinner set messages: + msg174855
2012-11-01 20:23:43 serhiy.storchaka set nosy: + vstinner
type: crash
stage: needs patch
2012-10-17 08:58:58 serhiy.storchaka set messages: + msg173145
2012-10-17 07:06:53 serhiy.storchaka set nosy: + serhiy.storchaka
messages: + msg173136
2012-08-08 02:35:56 hut create