Ticket #2239 (closed defect: fixed)

Opened 6 years ago

Last modified 6 years ago

MC crash on copy into <dirname_with_LT_or_GT_signs>

Reported by: eshkrig
Owned by: slavazanko
Priority: major
Milestone: 4.7
Component: mc-core
Version: 4.7.4
Keywords:
Cc:
Blocked By:
Blocking:
Branch state:
Votes for changeset:

Description

Hi!
Sorry for my English.

There is a subject.

How to reproduce:
run mc
on one panel, create a dir (F7) named literally <123>
change dir to <123>
from the other panel, copy (F5) any file

Attachments

mc_vg.log (6.1 KB) - added by eshkrig 6 years ago.
mc_vg_leak_check_full.log (317.2 KB) - added by eshkrig 6 years ago.

Change History

comment:1 Changed 6 years ago by andrew_b

Cannot reproduce. Would you provide more info as described in http://www.midnight-commander.org/wiki/doc/tracingCrash?

comment:2 Changed 6 years ago by zaytsev

Can't reproduce on 4.7.0.6.

comment:3 follow-up: ↓ 4 Changed 6 years ago by eshkrig

Program terminated with signal 11, Segmentation fault.
#0 0x000000381d6829c1 in strlen () from /lib/libc.so.6
(gdb) bt
#0 0x000000381d6829c1 in strlen () from /lib/libc.so.6
#1 0x000000000046b294 in concat_dir_and_file (dir=0x0, file=0x25c70b0 ".X0-lock") at util.c:1344
#2 0x000000000044cfd5 in panel_operate (source_panel=0x2589cb0, operation=OP_COPY, force_single=0) at file.c:2233
#3 0x000000000043eab9 in copy_cmd () at cmd.c:369
#4 0x000000000045f0d9 in midnight_execute_cmd (sender=0x25621c0, command=7009) at main.c:1224
#5 0x000000000045fbd3 in midnight_callback (h=0x2581f90, sender=0x25621c0, msg=DLG_ACTION, parm=7009, data=0x0) at main.c:1785
#6 0x0000000000430db6 in buttonbar_call (bb=0x25621c0, i=4) at widget.c:2856
#7 0x0000000000430e6b in buttonbar_callback (w=0x25621c0, msg=WIDGET_HOTKEY, parm=1005) at widget.c:2884
#8 0x000000000041e0c4 in send_message (w=0x25621c0, msg=WIDGET_HOTKEY, parm=1005) at ../src/dialog.h:242
#9 0x000000000041f23b in dlg_try_hotkey (h=0x2581f90, d_key=1005) at dialog.c:706
#10 0x000000000041f326 in dlg_key_event (h=0x2581f90, d_key=1005) at dialog.c:746
#11 0x000000000041f783 in dlg_process_event (h=0x2581f90, key=1005, event=0x7fff03da4340) at dialog.c:860
#12 0x000000000041f873 in frontend_run_dlg (h=0x2581f90) at dialog.c:894
#13 0x000000000041f8e9 in run_dlg (h=0x2581f90) at dialog.c:910
#14 0x000000000045ff0c in create_panels_and_run_mc () at main.c:1893
#15 0x00000000004602c3 in do_nc () at main.c:2006
#16 0x0000000000460c8f in main (argc=1, argv=0x7fff03da45a8) at main.c:2384
(gdb) bt full
#0 0x000000381d6829c1 in strlen () from /lib/libc.so.6
No symbol table info available.
#1 0x000000000046b294 in concat_dir_and_file (dir=0x0, file=0x25c70b0 ".X0-lock") at util.c:1344

i = 0

#2 0x000000000044cfd5 in panel_operate (source_panel=0x2589cb0, operation=OP_COPY, force_single=0) at file.c:2233

repl_dest = 0x0
temp2 = 0xff <Address 0xff out of bounds>
panel = 0x2589cb0
single_entry = 1
source = 0x25940c0 ".X0-lock"
source_with_path = 0x257cb60 "/tmp/.X0-lock"
dest = 0x259cbb0 "/tmp/<123>/"
temp = 0x25c70b0 ".X0-lock"
save_cwd = 0x0
save_dest = 0x0
src_stat = {st_dev = 65028, st_ino = 14, st_nlink = 1, st_mode = 33060, st_uid = 0, st_gid = 0, pad0 = 0, st_rdev = 0, st_size = 11, st_blksize =

4096, st_blocks = 8, st_atim = {tv_sec = 1276619959, tv_nsec = 838941610}, st_mtim = {tv_sec = 1276619959, tv_nsec = 839936511}, st_ctim = {tv_sec =
1276619959, tv_nsec = 839936511}, unused = {0, 0, 0}}

ret_val = 1
i = 0
value = FILE_CONT
ctx = 0x259cad0
tctx = 0x259efe0
do_bg = 0
i18n_flag = 1

#3 0x000000000043eab9 in copy_cmd () at cmd.c:369
No locals.
#4 0x000000000045f0d9 in midnight_execute_cmd (sender=0x25621c0, command=7009) at main.c:1224

res = MSG_HANDLED

#5 0x000000000045fbd3 in midnight_callback (h=0x2581f90, sender=0x25621c0, msg=DLG_ACTION, parm=7009, data=0x0) at main.c:1785

command = 4316446821613

#6 0x0000000000430db6 in buttonbar_call (bb=0x25621c0, i=4) at widget.c:2856

ret = MSG_NOT_HANDLED

#7 0x0000000000430e6b in buttonbar_callback (w=0x25621c0, msg=WIDGET_HOTKEY, parm=1005) at widget.c:2884

bb = 0x25621c0
i = 4
text = 0x1 <Address 0x1 out of bounds>

#8 0x000000000041e0c4 in send_message (w=0x25621c0, msg=WIDGET_HOTKEY, parm=1005) at ../src/dialog.h:242
No locals.
#9 0x000000000041f23b in dlg_try_hotkey (h=0x2581f90, d_key=1005) at dialog.c:706

hot_cur = 0x25621c0
handled = MSG_NOT_HANDLED
c = 1005

#10 0x000000000041f326 in dlg_key_event (h=0x2581f90, d_key=1005) at dialog.c:746

handled = MSG_NOT_HANDLED

#11 0x000000000041f783 in dlg_process_event (h=0x2581f90, key=1005, event=0x7fff03da4340) at dialog.c:860
No locals.
#12 0x000000000041f873 in frontend_run_dlg (h=0x2581f90) at dialog.c:894

d_key = 1005
event = {buttons = 112 'p', modifiers = 67 'C', vc = 986, dx = 32767, dy = 0, x = -1, y = 65, type = 0, clicks = 682362492, margin = 32587, wdx =

8080, wdy = 600}

#13 0x000000000041f8e9 in run_dlg (h=0x2581f90) at dialog.c:910
No locals.
#14 0x000000000045ff0c in create_panels_and_run_mc () at main.c:1893
No locals.
#15 0x00000000004602c3 in do_nc () at main.c:2006

midnight_colors = {6, 6, 6, 6}

#16 0x0000000000460c8f in main (argc=1, argv=0x7fff03da45a8) at main.c:2384

s = {st_dev = 65031, st_ino = 132030, st_nlink = 4, st_mode = 16888, st_uid = 1000, st_gid = 1014, pad0 = 0, st_rdev = 0, st_size = 4096,

st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec = 1266086018, tv_nsec = 0}, st_mtim = {tv_sec = 1276626593, tv_nsec = 207809570}, st_ctim = {

tv_sec = 1276626593, tv_nsec = 207809570}, unused = {0, 0, 0}}

mc_dir = 0x2561b10 "."
error = 0x0
isInitialized = 1

comment:4 in reply to: ↑ 3 Changed 6 years ago by andrew_b

Replying to eshkrig:

#1 0x000000000046b294 in concat_dir_and_file (dir=0x0, file=0x25c70b0 ".X0-lock") at util.c:1344
#2 0x000000000044cfd5 in panel_operate (source_panel=0x2589cb0, operation=OP_COPY, force_single=0) at file.c:2233

mc_search_prepare_replace_str2() returns NULL before the call to concat_dir_and_file(). It seems this is the same problem as in #2123. The incorrect string parsing is in mc_search__translate_replace_glob_to_regex().
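
The failure mode described in comment:4, a NULL result reaching `strlen()` inside the path join, shown as an added example that is not mc's code and not the fix that was merged. `prepare_dest`, `join_dir_and_file` and `build_copy_target` are hypothetical names, and rejecting `<`/`>` is a constructed rule used only to produce the NULL return.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for the step that builds the destination string.
 * Returns NULL on a parse failure; rejecting '<' and '>' is a constructed rule. */
static char *prepare_dest(const char *mask)
{
    if (mask == NULL || strpbrk(mask, "<>") != NULL)
        return NULL;
    char *copy = malloc(strlen(mask) + 1);
    if (copy != NULL)
        strcpy(copy, mask);
    return copy;
}

/* Join dir and file with one '/'; a NULL argument yields NULL, never strlen(NULL). */
static char *join_dir_and_file(const char *dir, const char *file)
{
    if (dir == NULL || file == NULL)
        return NULL;
    size_t dlen = strlen(dir);
    int need_sep = (dlen > 0 && dir[dlen - 1] != '/');
    char *out = malloc(dlen + need_sep + strlen(file) + 1);
    if (out == NULL)
        return NULL;
    sprintf(out, "%s%s%s", dir, need_sep ? "/" : "", file);
    return out;
}

/* Caller modelled on frame #2 of the backtrace: the intermediate result is
 * checked before use, so a failed parse aborts this file instead of crashing. */
static char *build_copy_target(const char *dest_mask, const char *file)
{
    char *repl_dest = prepare_dest(dest_mask);
    if (repl_dest == NULL)
        return NULL;
    char *target = join_dir_and_file(repl_dest, file);
    free(repl_dest);
    return target;
}

int main(void)
{
    /* Constructed input matching the values seen in the backtrace. */
    char *bad = build_copy_target("/tmp/<123>/", ".X0-lock");
    printf("target: %s\n", bad ? bad : "(rejected, no crash)");
    free(bad);
    return 0;
}
```

The caller still has to treat a NULL target as a per-file error and surface it to the user; the check only turns a segfault into a recoverable failure.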

comment:5 Changed 6 years ago by slavazanko

  • Owner set to slavazanko
  • Status changed from new to accepted
  • Blocked By 2123 added

comment:6 Changed 6 years ago by andrew_b

  • Blocked By 2123 removed

comment:7 Changed 6 years ago by andrew_b

  • Blocked By 2123 added

comment:8 Changed 6 years ago by eshkrig

version 4.7.3 also

comment:9 Changed 6 years ago by slavazanko

  • Blocked By 2123 removed

(In #2123) Merged to master: 45f4f2231769df69c624b24b08035a126b906752

git log --pretty=oneline 3108909..5c95084

comment:10 follow-up: ↓ 11 Changed 6 years ago by slavazanko

to eshkrig: check crash now, please.

comment:11 in reply to: ↑ 10 ; follow-up: ↓ 15 Changed 6 years ago by eshkrig

  • Version changed from 4.7.2 to 4.7.3

Replying to slavazanko:

to eshkrig: check crash now, please.

the problem still exists (4.7.3 + 45f4f2231769df69c624b24b08035a126b906752):

Core was generated by `/usr/bin/mc -P /tmp/mc-eshkrig/mc.pwd.2963 -d'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f6250e64082 in strlen () from /lib/libc.so.6
(gdb) bt
#0 0x00007f6250e64082 in strlen () from /lib/libc.so.6
#1 0x0000000000471185 in concat_dir_and_file (dir=0x0, file=0x7f94a0 ".X0-lock") at util.c:1327
#2 0x0000000000451820 in panel_operate (source_panel=0x7d0d20, operation=OP_COPY, force_single=0)

at file.c:2239

#3 0x0000000000443486 in copy_cmd () at cmd.c:397
#4 0x0000000000463b39 in midnight_execute_cmd (sender=0x7e1400, command=7010) at main.c:1206
#5 0x0000000000464710 in midnight_callback (h=0x7bb870, sender=0x7e1400, msg=DLG_ACTION, parm=7010,

data=0x0) at main.c:1767

#6 0x00000000004327a4 in buttonbar_call (bb=0x7e1400, i=4) at widget.c:3014
#7 0x0000000000432a3d in buttonbar_callback (w=0x7e1400, msg=WIDGET_HOTKEY, parm=1005)

at widget.c:3102

#8 0x000000000041ef40 in send_message (w=0x7e1400, msg=WIDGET_HOTKEY, parm=1005)

at ../src/dialog.h:268

#9 0x000000000042064f in dlg_try_hotkey (h=0x7bb870, d_key=1005) at dialog.c:847
#10 0x0000000000420773 in dlg_key_event (h=0x7bb870, d_key=1005) at dialog.c:894
#11 0x00000000004209a7 in dlg_process_event (h=0x7bb870, key=1005, event=0x7fffffffcd90)

at dialog.c:962

#12 0x0000000000420abb in frontend_run_dlg (h=0x7bb870) at dialog.c:1004
#13 0x0000000000420b8a in run_dlg (h=0x7bb870) at dialog.c:1034
#14 0x0000000000464a2c in create_panels_and_run_mc () at main.c:1879
#15 0x0000000000464c65 in do_nc () at main.c:1961
#16 0x0000000000465216 in main (argc=4, argv=0x7fffffffcff8) at main.c:2211

(gdb) bt full
#0 0x00007f6250e64082 in strlen () from /lib/libc.so.6
No symbol table info available.
#1 0x0000000000471185 in concat_dir_and_file (dir=0x0, file=0x7f94a0 ".X0-lock") at util.c:1327

i = 0

#2 0x0000000000451820 in panel_operate (source_panel=0x7d0d20, operation=OP_COPY, force_single=0)

at file.c:2239

repl_dest = 0x0
temp2 = 0x7d0d20 ""
panel = 0x7d0d20
single_entry = 1
source = 0x7dfa10 ".X0-lock"
source_with_path = 0x7b1630 "/tmp/.X0-lock"
dest = 0x7d5520 "/tmp/<123>/"
temp = 0x7f94a0 ".X0-lock"
save_cwd = 0x0
save_dest = 0x0
src_stat = {st_dev = 65029, st_ino = 12, st_nlink = 1, st_mode = 33060, st_uid = 0, st_gid =

0, pad0 = 0, st_rdev = 0, st_size = 11, st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec =
1278079251, tv_nsec = 0}, st_mtim = {tv_sec = 1278079251, tv_nsec = 0}, st_ctim = {tv_sec =
1278079251, tv_nsec = 0},
unused = {0, 0, 0}}

ret_val = 1
i = -1
value = FILE_CONT
ctx = 0x7df200
tctx = 0x7d4e80
do_bg = 0
i18n_flag = 1

#3 0x0000000000443486 in copy_cmd () at cmd.c:397
No locals.
#4 0x0000000000463b39 in midnight_execute_cmd (sender=0x7e1400, command=7010) at main.c:1206

res = MSG_HANDLED

#5 0x0000000000464710 in midnight_callback (h=0x7bb870, sender=0x7e1400, msg=DLG_ACTION, parm=7010,

data=0x0) at main.c:1767

command = 0

#6 0x00000000004327a4 in buttonbar_call (bb=0x7e1400, i=4) at widget.c:3014

ret = MSG_NOT_HANDLED

#7 0x0000000000432a3d in buttonbar_callback (w=0x7e1400, msg=WIDGET_HOTKEY, parm=1005)

at widget.c:3102

bb = 0x7e1400
i = 4
text = 0x3ed00000005 <Address 0x3ed00000005 out of bounds>

#8 0x000000000041ef40 in send_message (w=0x7e1400, msg=WIDGET_HOTKEY, parm=1005)

at ../src/dialog.h:268

No locals.
#9 0x000000000042064f in dlg_try_hotkey (h=0x7bb870, d_key=1005) at dialog.c:847

hot_cur = 0x7ac380 = {0x7e1400}
handled = MSG_NOT_HANDLED
c = 1005

#10 0x0000000000420773 in dlg_key_event (h=0x7bb870, d_key=1005) at dialog.c:894

handled = MSG_NOT_HANDLED

#11 0x00000000004209a7 in dlg_process_event (h=0x7bb870, key=1005, event=0x7fffffffcd90)

at dialog.c:962

No locals.
#12 0x0000000000420abb in frontend_run_dlg (h=0x7bb870) at dialog.c:1004

d_key = 1005
event = {buttons = 176 '\260', modifiers = 205 '\315', vc = 65535, dx = 32767, dy = 0, x = -1,

y = 66, type = 0, clicks = 8045984, margin = 0, wdx = -18320, wdy = 123}

#13 0x0000000000420b8a in run_dlg (h=0x7bb870) at dialog.c:1034
No locals.
#14 0x0000000000464a2c in create_panels_and_run_mc () at main.c:1879
No locals.
#15 0x0000000000464c65 in do_nc () at main.c:1961

midnight_colors = {8, 8, 8, 8}

#16 0x0000000000465216 in main (argc=4, argv=0x7fffffffcff8) at main.c:2211

s = {st_dev = 65031, st_ino = 279233, st_nlink = 4, st_mode = 16832, st_uid = 1002, st_gid =

1000, pad0 = 0, st_rdev = 0, st_size = 4096, st_blksize = 4096, st_blocks = 8, st_atim = {

tv_sec = 1255526738, tv_nsec = 0}, st_mtim = {tv_sec = 1278574649, tv_nsec = 0}, st_ctim =

{tv_sec = 1278574649, tv_nsec = 0}, unused = {0, 0, 0}}

mc_dir = 0x7b3640 "."
error = 0x0
isInitialized = 1

comment:12 Changed 6 years ago by andrew_b

What regexp engine do you use? PCRE or GLib? Which version of pcre or glib?

comment:13 Changed 6 years ago by slavazanko

Show output of 'mc -V' command, please

comment:14 Changed 6 years ago by eshkrig

I use Gentoo.
app-misc/mc's use-flags: X edit gpm nls slang
It seems MC is compiled with glib (as ldd shows).

ldd /usr/bin/mc

linux-vdso.so.1 => (0x00007fe2e6d4c000)
libslang.so.2 => /usr/lib/libslang.so.2 (0x00007fe2e67c8000)
libext2fs.so.2 => /lib/libext2fs.so.2 (0x00007fe2e6598000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00007fe2e6394000)
libgpm.so.1 => /lib/libgpm.so.1 (0x00007fe2e618d000)
libgmodule-2.0.so.0 => /usr/lib/libgmodule-2.0.so.0 (0x00007fe2e5f89000)
libdl.so.2 => /lib/libdl.so.2 (0x00007fe2e5d85000)
libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0x00007fe2e5aa0000)
libc.so.6 => /lib/libc.so.6 (0x00007fe2e5726000)
libm.so.6 => /lib/libm.so.6 (0x00007fe2e54a2000)
/lib64/ld-linux-x86-64.so.2 (0x00007fe2e6b2d000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007fe2e5285000)
libncurses.so.5 => /lib/libncurses.so.5 (0x00007fe2e5035000)

Library versions:
dev-libs/libpcre-7.9-r1
dev-libs/glib-2.22.5

mc -V output:
GNU Midnight Commander 4.7.3
Virtual File Systems: tarfs, extfs, cpiofs, ftpfs, fish, undelfs
With builtin Editor
Using system-installed S-Lang library with terminfo database
With subshell support as default
With support for background operations
With mouse support on xterm and Linux console
With support for X11 events
With internationalization support
With multiple codepages support
Data types: char: 8; int: 32; long: 64; void *: 64; size_t: 64; off_t: 64;

comment:15 in reply to: ↑ 11 ; follow-up: ↓ 16 Changed 6 years ago by slyfox

Replying to eshkrig:

Replying to slavazanko:

to eshkrig: check crash now, please.

the problem still exists (4.7.3 + 45f4f2231769df69c624b24b08035a126b906752):

AFAIU, the problem still didn't go away, right? Can you provide a more recent crash? I'm afraid I can't reproduce it here (mostly stable gentoo/amd64 box here).

Looks like something got seriously corrupted.

valgrind traces could reveal some things too:

    # build mc with debug info

    $ valgrind --log-file=mc_vg.log /path/to/mc/binary

    # make it crash
    # attach mc_vg.log

It's usually a good idea to paste raw gdb dumps framed with
{{{
some code
}}}

comment:16 in reply to: ↑ 15 Changed 6 years ago by eshkrig

AFAIU, the problem still didn't go away, right? Can you provide a more recent crash? I'm afraid I can't reproduce it here (mostly stable gentoo/amd64 box here).

right

Looks like something got seriously corrupted.

valgrind traces could reveal some things too:

    # build mc with debug info

    $ valgrind --log-file=mc_vg.log /path/to/mc/binary

    # make it crash
    # attach mc_vg.log

4.7.3 + 45f4f2231769df69c624b24b08035a126b906752

I will attach 2 files from commands:
valgrind --log-file=mc_vg.log /usr/bin/mc
valgrind --leak-check=full --log-file=mc_vg_leak_check_full.log /usr/bin/mc

comment:17 Changed 6 years ago by eshkrig

  • Status changed from accepted to testing
  • Version changed from 4.7.3 to 4.7.4
  • Resolution set to fixed

Problem fixed in version 4.7.4

comment:18 Changed 6 years ago by andrew_b

  • Status changed from testing to closed

OK. Closed.
