This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: ncurses: *** buffer overflow detected ***: terminated with -D_FORTIFY_SOURCE=3
Type: Stage: resolved
Components: Versions:
Status: closed Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: Martin Liška, siddhesh
Priority: normal Keywords:

Created on 2022-04-01 15:25 by Martin Liška, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (2)
msg416495 - (view) Author: Martin Liška (Martin Liška) * Date: 2022-04-01 15:25
Note -D_FORTIFY_SOURCE=3 will come newly with GCC12. So I noticed the following error:
import curses


Error message:
*** buffer overflow detected ***: terminated

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff7d1e1e3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff7cce306 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7cb7813 in __GI_abort () at abort.c:79
#4  0x00007ffff7d111b7 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7e573cf "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#5  0x00007ffff7db630a in __GI___fortify_fail (msg=msg@entry=0x7ffff7e57375 "buffer overflow detected") at fortify_fail.c:26
#6  0x00007ffff7db48b6 in __GI___chk_fail () at chk_fail.c:28
#7  0x00007ffff7db5be8 in __wcrtomb_chk (s=s@entry=0xaae440 "\376\271\255", wchar=wchar@entry=97 L'a', ps=ps@entry=0x7fffffffd4f0, buflen=buflen@entry=1) at wcrtomb_chk.c:31
#8  0x00007ffff7a18b31 in wcrtomb (__ps=<optimized out>, __wchar=<optimized out>, __s=<optimized out>, __s=<optimized out>, __wchar=<optimized out>, __ps=<optimized out>) at /usr/include/bits/wchar2.h:402
#9  unget_wch_sp (sp=0xab0920, wch=97 L'a') at ../ncurses/./widechar/lib_unget_wch.c:89
#10 0x00007ffff7a18b61 in unget_wch (wch=<optimized out>) at ../ncurses/./widechar/lib_unget_wch.c:113
#11 0x00007ffff7a55be5 in _curses_unget_wch (module=<optimized out>, ch='a') at /home/marxin/Programming/cpython/Modules/_cursesmodule.c:4497
#12 0x00000000006f6669 in cfunction_vectorcall_O (func=<built-in method unget_wch of module object at remote 0x7ffff7a8f4a0>, args=0x7ffff7b355b0, nargsf=<optimized out>, kwnames=0x0) at Objects/methodobject.c:512
#13 0x000000000042d0e8 in _PyObject_VectorcallTstate (kwnames=0x0, nargsf=<optimized out>, args=<optimized out>, callable=<built-in method unget_wch of module object at remote 0x7ffff7a8f4a0>, tstate=<optimized out>) at ./Include/cpython/abstract.h:114
#14 PyObject_Vectorcall (kwnames=0x0, nargsf=<optimized out>, args=<optimized out>, callable=<built-in method unget_wch of module object at remote 0x7ffff7a8f4a0>) at ./Include/cpython/abstract.h:123
#15 call_function (kwnames=0x0, oparg=<optimized out>, pp_stack=<synthetic pointer>, bounds=0x7fffffffd640, tstate=0xa70520) at Python/ceval.c:5379
#16 _PyEval_EvalFrameDefault (tstate=<optimized out>, f=<optimized out>, throwflag=<optimized out>) at Python/ceval.c:3772

So as seen __wcrtomb_chk is called with buflen == 1 and the function aborts if:

__wcrtomb_chk (char *s, wchar_t wchar, mbstate_t *ps, size_t buflen)
  /* We do not have to implement the full wctomb semantics since we
     know that S cannot be NULL when we come here.  */
  if (buflen < MB_CUR_MAX)
    __chk_fail ();

  return __wcrtomb (s, wchar, ps);

Where MB_CUR_MAX == 6.

So the question is if the issue is in libcurses library (that is compiler with -D_FORTIFY_SOURCE=3), or in Modules/_cursesmodule.c?
msg416844 - (view) Author: Martin Liška (Martin Liška) * Date: 2022-04-06 08:13
So the issue is ncurses, closing here.
Date User Action Args
2022-04-11 14:59:57adminsetgithub: 91344
2022-04-06 08:13:27Martin Liškasetstatus: open -> closed

messages: + msg416844
stage: resolved
2022-04-02 03:03:19siddheshsetnosy: + siddhesh
2022-04-01 15:25:59Martin Liškacreate