New submission from Martin Liška <marxin.li...@gmail.com>:
Note -D_FORTIFY_SOURCE=3 will come newly with GCC12. So I noticed the following
error:
demo.py:
```python
import curses
curses.initscr()
curses.unget_wch('a')
```
Error message:
*** buffer overflow detected ***: terminated
Backtrace:
#0 __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007ffff7d1e1e3 in __pthread_kill_internal (signo=6, threadid=<optimized
out>) at pthread_kill.c:78
#2 0x00007ffff7cce306 in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#3 0x00007ffff7cb7813 in __GI_abort () at abort.c:79
#4 0x00007ffff7d111b7 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7ffff7e573cf "*** %s ***: terminated\n") at
../sysdeps/posix/libc_fatal.c:155
#5 0x00007ffff7db630a in __GI___fortify_fail (msg=msg@entry=0x7ffff7e57375
"buffer overflow detected") at fortify_fail.c:26
#6 0x00007ffff7db48b6 in __GI___chk_fail () at chk_fail.c:28
#7 0x00007ffff7db5be8 in __wcrtomb_chk (s=s@entry=0xaae440 "\376\271\255",
wchar=wchar@entry=97 L'a', ps=ps@entry=0x7fffffffd4f0, buflen=buflen@entry=1)
at wcrtomb_chk.c:31
#8 0x00007ffff7a18b31 in wcrtomb (__ps=<optimized out>, __wchar=<optimized
out>, __s=<optimized out>, __s=<optimized out>, __wchar=<optimized out>,
__ps=<optimized out>) at /usr/include/bits/wchar2.h:402
#9 unget_wch_sp (sp=0xab0920, wch=97 L'a') at
../ncurses/./widechar/lib_unget_wch.c:89
#10 0x00007ffff7a18b61 in unget_wch (wch=<optimized out>) at
../ncurses/./widechar/lib_unget_wch.c:113
#11 0x00007ffff7a55be5 in _curses_unget_wch (module=<optimized out>, ch='a') at
/home/marxin/Programming/cpython/Modules/_cursesmodule.c:4497
#12 0x00000000006f6669 in cfunction_vectorcall_O (func=<built-in method
unget_wch of module object at remote 0x7ffff7a8f4a0>, args=0x7ffff7b355b0,
nargsf=<optimized out>, kwnames=0x0) at Objects/methodobject.c:512
#13 0x000000000042d0e8 in _PyObject_VectorcallTstate (kwnames=0x0,
nargsf=<optimized out>, args=<optimized out>, callable=<built-in method
unget_wch of module object at remote 0x7ffff7a8f4a0>, tstate=<optimized out>)
at ./Include/cpython/abstract.h:114
#14 PyObject_Vectorcall (kwnames=0x0, nargsf=<optimized out>, args=<optimized
out>, callable=<built-in method unget_wch of module object at remote
0x7ffff7a8f4a0>) at ./Include/cpython/abstract.h:123
#15 call_function (kwnames=0x0, oparg=<optimized out>, pp_stack=<synthetic
pointer>, bounds=0x7fffffffd640, tstate=0xa70520) at Python/ceval.c:5379
#16 _PyEval_EvalFrameDefault (tstate=<optimized out>, f=<optimized out>,
throwflag=<optimized out>) at Python/ceval.c:3772
So as seen __wcrtomb_chk is called with buflen == 1 and the function aborts if:
size_t
__wcrtomb_chk (char *s, wchar_t wchar, mbstate_t *ps, size_t buflen)
{
/* We do not have to implement the full wctomb semantics since we
know that S cannot be NULL when we come here. */
if (buflen < MB_CUR_MAX)
__chk_fail ();
return __wcrtomb (s, wchar, ps);
}
Where MB_CUR_MAX == 6.
So the question is if the issue is in libcurses library (that is compiler with
-D_FORTIFY_SOURCE=3), or in Modules/_cursesmodule.c?
----------
messages: 416495
nosy: Martin Liška
priority: normal
severity: normal
status: open
title: ncurses: *** buffer overflow detected ***: terminated with
-D_FORTIFY_SOURCE=3
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue47188>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
