[issue47188] ncurses: *** buffer overflow detected ***: terminated with -D_FORTIFY_SOURCE=3

2022-04-06 Thread Martin Liška 

Martin Liška  added the comment:

So the issue is ncurses, closing here.

--
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47188] ncurses: *** buffer overflow detected ***: terminated with -D_FORTIFY_SOURCE=3

2022-04-01 Thread Siddhesh Poyarekar 


Change by Siddhesh Poyarekar :


--
nosy: +siddhesh

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47188] ncurses: *** buffer overflow detected ***: terminated with -D_FORTIFY_SOURCE=3

2022-04-01 Thread Martin Liška 

New submission from Martin Liška :

Note -D_FORTIFY_SOURCE=3 will come newly with GCC12. So I noticed the following 
error:

demo.py:
```python
import curses

curses.initscr()
curses.unget_wch('a')
```

Error message:
*** buffer overflow detected ***: terminated

Backtrace:
#0  __pthread_kill_implementation (threadid=, 
signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x77d1e1e3 in __pthread_kill_internal (signo=6, threadid=) at pthread_kill.c:78
#2  0x77cce306 in __GI_raise (sig=sig@entry=6) at 
../sysdeps/posix/raise.c:26
#3  0x77cb7813 in __GI_abort () at abort.c:79
#4  0x77d111b7 in __libc_message (action=action@entry=do_abort, 
fmt=fmt@entry=0x77e573cf "*** %s ***: terminated\n") at 
../sysdeps/posix/libc_fatal.c:155
#5  0x77db630a in __GI___fortify_fail (msg=msg@entry=0x77e57375 
"buffer overflow detected") at fortify_fail.c:26
#6  0x77db48b6 in __GI___chk_fail () at chk_fail.c:28
#7  0x77db5be8 in __wcrtomb_chk (s=s@entry=0xaae440 "\376\271\255", 
wchar=wchar@entry=97 L'a', ps=ps@entry=0x7fffd4f0, buflen=buflen@entry=1) 
at wcrtomb_chk.c:31
#8  0x77a18b31 in wcrtomb (__ps=, __wchar=, __s=, __s=, __wchar=, 
__ps=) at /usr/include/bits/wchar2.h:402
#9  unget_wch_sp (sp=0xab0920, wch=97 L'a') at 
../ncurses/./widechar/lib_unget_wch.c:89
#10 0x77a18b61 in unget_wch (wch=) at 
../ncurses/./widechar/lib_unget_wch.c:113
#11 0x77a55be5 in _curses_unget_wch (module=, ch='a') at 
/home/marxin/Programming/cpython/Modules/_cursesmodule.c:4497
#12 0x006f6669 in cfunction_vectorcall_O (func=, args=0x77b355b0, 
nargsf=, kwnames=0x0) at Objects/methodobject.c:512
#13 0x0042d0e8 in _PyObject_VectorcallTstate (kwnames=0x0, 
nargsf=, args=, callable=, tstate=) 
at ./Include/cpython/abstract.h:114
#14 PyObject_Vectorcall (kwnames=0x0, nargsf=, args=, callable=) at ./Include/cpython/abstract.h:123
#15 call_function (kwnames=0x0, oparg=, pp_stack=, bounds=0x7fffd640, tstate=0xa70520) at Python/ceval.c:5379
#16 _PyEval_EvalFrameDefault (tstate=, f=, 
throwflag=) at Python/ceval.c:3772

So as seen __wcrtomb_chk is called with buflen == 1 and the function aborts if:

size_t
__wcrtomb_chk (char *s, wchar_t wchar, mbstate_t *ps, size_t buflen)
{
  /* We do not have to implement the full wctomb semantics since we
 know that S cannot be NULL when we come here.  */
  if (buflen < MB_CUR_MAX)
__chk_fail ();

  return __wcrtomb (s, wchar, ps);
}

Where MB_CUR_MAX == 6.

So the question is if the issue is in libcurses library (that is compiler with 
-D_FORTIFY_SOURCE=3), or in Modules/_cursesmodule.c?

--
messages: 416495
nosy: Martin Liška
priority: normal
severity: normal
status: open
title: ncurses: *** buffer overflow detected ***: terminated with 
-D_FORTIFY_SOURCE=3

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com