Debian bug report logs - #1088
ncurses - segfault in wnoutrefresh in dpkg 0.93.53

Message received at debian-bugs:

From pixar.com!bruce Sat Jul 22 20:49:16 1995
Return-Path: <bruce@pixar.com>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0sZs2W-0005QmC; Sat, 22 Jul 95 20:49 PDT
Received: from mongo.pixar.com by pixar.com with SMTP id AA22392
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 22 Jul 1995 20:47:42 -0700
Received: by mongo.pixar.com (Smail3.1.28.1 #15)
	id m0sZryz-0005QmC; Sat, 22 Jul 95 20:45 PDT
Message-Id: <m0sZryz-0005QmC@mongo.pixar.com>
To: iwj10@cus.cam.ac.uk (Ian Jackson), debian-bugs@Pixar.com
Cc: bruce@Pixar.com
Subject: Re: Bug#1088: ncurses - segfault in wnoutrefresh 
In-Reply-To: Your message of "Sun, 23 Jul 1995 00:21:00 PDT."
             <m0sZnrH-0002ZZZ@chiark.al.cl.cam.ac.uk> 
Date: Sat, 22 Jul 1995 20:45:37 -0700
From: Bruce Perens <bruce@Pixar.com>

Yes, I did see the rectangle in the upper left rendered before everything
else, and I also saw some lines cleared and than rendered with one space
in the left before being redrawn with their proper contents. I put that
up to strange movement optimization, but I'll take it up with them.
Rather than have them look at the whole of dpkg, can you put the relevant
fragments (refreshing windows, etc.) in a mail message along with questions?
You'll be more likely to get a response that way.

	Thanks

	Bruce

Message received at debian-bugs:

From cus.cam.ac.uk!iwj10 Sat Jul 22 16:50:00 1995
Return-Path: <iwj10@cus.cam.ac.uk>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0sZoIy-0004BqC; Sat, 22 Jul 95 16:50 PDT
Received: from bootes.cus.cam.ac.uk by pixar.com with SMTP id AA09425
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Sat, 22 Jul 1995 16:48:16 -0700
Received: by bootes.cus.cam.ac.uk 
	(Smail-3.1.29.0 #36) id m0sZoIi-000BzOC; Sun, 23 Jul 95 00:49 BST
Received: by chiark
	id <m0sZnrH-0002ZZZ@chiark.al.cl.cam.ac.uk>
	(Debian /\oo/\ Smail3.1.29.1 #29.32); Sun, 23 Jul 95 00:21 BST
Message-Id: <m0sZnrH-0002ZZZ@chiark.al.cl.cam.ac.uk>
Date: Sun, 23 Jul 95 00:21 BST
From: iwj10@cus.cam.ac.uk (Ian Jackson)
To: debian-bugs@Pixar.com
Subject: Re: Bug#1088: ncurses - segfault in wnoutrefresh 
In-Reply-To: <m0sZSOO-0003GFC@mongo.pixar.com>
References: <m0sZPLn-0002XVZ@chiark.al.cl.cam.ac.uk>
	<m0sZSOO-0003GFC@mongo.pixar.com>

Bruce Perens writes ("Re: Bug#1088: ncurses - segfault in wnoutrefresh "):
> iwj10@cus.cam.ac.uk said:
> > However it's still doing something very weird that I think is 
> > probably a bug somewere.
> 
> On my ANSI terminal emulation at work, it looked OK, though some of the 
> decisions it made about movement optimization were strange.

Sorry, I've not made myself clear.

You'll notice that it redraws a rectangle near the top left of the
package list before everything else.

I find this highly suspicious.  There is nothing in my code that makes
that rectangle special; the whole package list is a single pad which
is pnoutrefresh'd all at once.  The displayed data doesn't make it
special either.

I think that this bizarre redraw order is another symptom of the same
bug that caused the coredump with 1.9.2c.  It seems likely to me that
it is coincidence that with 1.9.3 the numbers that are the corners of
the rectangle are sane enough for it to redraw that part apparently
correctly, and that in 1.9.2c it just happened to be sufficiently
badly off to cause a coredump.

I won't be convinced that this rectangle isn't an abberation involving
some kind of incorrectly calculated quantities until someone shows me
how it was derived :-).

>  I'll look at it on 
> my Linux at home as soon as I can to see if it's a linux-terminfo problem. If
> it's solely a matter of not liking the movement optimization, I think we 
> should wait before complaining about that, as they've just worked over the 
> movement optimization for the next release.

No, I don't think it is just a problem with the movement optimization.

What I'd really like is for one of the ncurses team to look over my
code and see what it ought to do and compare it with what it does.
If you point them to me I can explain the window/pad structures I'm
using, or answer their questions.

> What were you running it under? Xterm? The linux console? What was $TERM
> set to? Did it behave the same way under both xterm and the console?

TERM=xterm in an 80x24 xterm (3.1.1-1 at the time, but it does it with
3.1.1-2 too).

In fact, I've just tried it (0.93.62 dselect, List, Redraw) in an
80x37 xterm (3.1.1-2) and I get a segfault.  If I try making my xterm
bigger one line at a time I find that the earlier-drawn rectangle
shrinks, and that I get a segfault when it has shrunk to nothing.

I can't reproduce the problem with a 132x43 Linux console with
TERM=console or TERM=linux.  TERM=con132x43 (the default for my 1.2.10
kernel) produces a string of messages about errors in terminal entries
and then appears to hang.

Ian.

Message received at debian-bugs:

From pixar.com!bruce Fri Jul 21 17:27:16 1995
Return-Path: <bruce@pixar.com>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0sZSPT-0003DbC; Fri, 21 Jul 95 17:27 PDT
Received: from mongo.pixar.com by pixar.com with SMTP id AA24124
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Fri, 21 Jul 1995 17:25:41 -0700
Received: by mongo.pixar.com (Smail3.1.28.1 #15)
	id m0sZSOO-0003GFC; Fri, 21 Jul 95 17:26 PDT
Message-Id: <m0sZSOO-0003GFC@mongo.pixar.com>
X-Mailer: exmh version 1.6.2 7/18/95
To: iwj10@cus.cam.ac.uk (Ian Jackson), debian-bugs@Pixar.com
Cc: bruce@Pixar.com
Subject: Re: Bug#1088: ncurses - segfault in wnoutrefresh 
In-Reply-To: Your message of "Fri, 21 Jul 1995 22:11:00 PDT."
             <m0sZPLn-0002XVZ@chiark.al.cl.cam.ac.uk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 21 Jul 1995 17:26:08 -0700
From: Bruce Perens <bruce@Pixar.com>


iwj10@cus.cam.ac.uk said:
> However it's still doing something very weird that I think is 
> probably a bug somewere.

On my ANSI terminal emulation at work, it looked OK, though some of the 
decisions it made about movement optimization were strange. I'll look at it on 
my Linux at home as soon as I can to see if it's a linux-terminfo problem. If
it's solely a matter of not liking the movement optimization, I think we 
should wait before complaining about that, as they've just worked over the 
movement optimization for the next release.

What were you running it under? Xterm? The linux console? What was $TERM
set to? Did it behave the same way under both xterm and the console?

If I'm seeing what you are complaining about, I'm perhaps not recognizing it.
Can I have a few more words about what "something very weird" is?

	Thanks

	Bruce


--
-- Attention Ham Radio Operators: For information on "Linux for Hams", read
-- the World Wide Web page http://www.hams.com/perens/LinuxForHams, or send
-- an e-mail message containing the word "help" to info@hams.com .

Message received at debian-bugs:

From cus.cam.ac.uk!iwj10 Fri Jul 21 16:11:26 1995
Return-Path: <iwj10@cus.cam.ac.uk>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0sZRE6-000B84C; Fri, 21 Jul 95 16:11 PDT
Received: from bootes.cus.cam.ac.uk by pixar.com with SMTP id AA15844
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Fri, 21 Jul 1995 16:08:12 -0700
Received: by bootes.cus.cam.ac.uk 
	(Smail-3.1.29.0 #36) id m0sZQ2k-000C0jC; Fri, 21 Jul 95 22:55 BST
Received: by chiark
	id <m0sZPLn-0002XVZ@chiark.al.cl.cam.ac.uk>
	(Debian /\oo/\ Smail3.1.29.1 #29.32); Fri, 21 Jul 95 22:11 BST
Message-Id: <m0sZPLn-0002XVZ@chiark.al.cl.cam.ac.uk>
Date: Fri, 21 Jul 95 22:11 BST
From: iwj10@cus.cam.ac.uk (Ian Jackson)
To: debian-bugs@pixar.com
Subject: Re: Bug#1088: ncurses - segfault in wnoutrefresh
In-Reply-To: <m0sYQhm-000604C@mongo.pixar.com>
References: <m0sYQhm-000604C@mongo.pixar.com>

Bruce Perens writes:
> Ian, is this still happening with ncurses-1.9.3 ?

No, it's not.  However it's still doing something very weird that I
think is probably a bug somewhere.

Here is a typescript which demonstrates the effect.  For best results
use something like
 slowprint 0.001 <typescript
to see what's going on.  (slowprint is the Perl script below.)

This was in an 80x24 xterm.

Can we please keep this bug open until the question of precisely how I
should refresh the display in dselect is resolved, as well as all the
related ncurses code and documentation bugs ?

Ian.

#!/usr/bin/perl
$v=join("",<STDIN>); $|=1;
$overhead= 0.0125;
$delay= @ARGV ? $ARGV[0]+0 : 0.025;
$per=1;
while ($delay < $overhead) { $per*=2; $delay*=2; }
$delay -= $overhead;
while (length($v)) {
    print substr($v,0,$per); $v=substr($v,$per);
    select("","","",$delay);
}

begin 664 typescript.gz
M'XL(``,7$#`"`^U:6T_;2!1^K[2_("_G#8H@8),K:+OBUJ8%45I@M2M$RV!/
MXEE\B69L0E[ZV_<<SXQ)`%M`Z+9=Q4+R)./YYER_<V+FV)-BF()*F4RY#TD,
M;Z6`#UD(K@.NN['6VF@VP>EVFZ]J9W\X0>UW+Q!,7FU\6_TGBZ_>P+?5-!#Q
M0*WZ_%*P>-4?7@U6UNK=]7K+7?45#[F7VCO\EH.$M3>U-@X:[:!VUJN=N1]J
M9TZTFZ^'=X>GJP<BSF[@PJQ:@"'SKMB`0\!B/\3-H"^3..6Q7\?%FPY"1%`[
M6\]'[0B68*T.9\?G/,V&H*^=($D4AS3@(&)4-@Q9*E#9B*=!XD.:0*9X'1ZZ
M:F<-LP6`@[A;Y]=,A&;R=.BSE$,H5`I)'QA-L<N06Y'5,H@^#!.E!'Z+XC81
M"]>Y"'1P3JO,=:P--`J$%Q2+22XC+BPF$GQN/KU&I)9&6D>DT_.8EAB1]%C;
M#EVJDGXZ8I(V;^LE#5RR<Y[$?3$PULG'F>03.P<L17M?<[CD/(8L!^5D\(X&
M:2+(YW,>)?A(?GW68[O=K0#]2<ESLR-*5Z.T$.73>28*.WRBL7$\/N:LT7-X
M=W(?.-$I>O'+$6`@P)?#9?`RJ1#^BH_)TK%(!0LAY&G*)7Y!&XN!2'-#:LQ-
M!*&0.9)<*=@[/-G[3),>64!&YB$2$67Y<D!3DON2C4!Y$@U!(JT7$>=09/R)
M6U$HF9BODSF'8RD&00J+.Z\I=QK+E$#P'L/[`YI1Y19P*!1.`J$`__H(7IAN
M$\70L8K)`.]XS"5J=91=AL*#`^'QV.-P;;9U$8E"`75%XW*9F]M#"2A/4"U?
MD#H*Q3H).+H%-SO\"+B-9'$Z)CG:QL0=<^_JNVM,[SKF[IK[NKDW]'U]L[-&
M>=?=19.];.(U;S-ZYH29`HX,[X#F#T,>)M7-QF!2S*2-"7P3N7<B$TQ4@0D/
M&QM@W`S&23"[N7M&=$NI*Z3P4`<M49#E2E0[Y<KRHQ/MO?]X##NA0L/I9^'(
M/)E?NUSEE2"?><QE^38R#EJ";:;@DBEN3`S,]]&WTK!2*D*,1.TBG"&W2Y7G
M\4`FV3#_GJ)$C57*H[IEW1)L'`>%*"<F4[:33,9\96O`1`S'/1Z&]:D8>@!&
M^1D*INZ(B.4E0I9L;!_OKAR(E!NV+87Q@OZMU:8T];!DH8G[F(QH"1%C<D8Z
M`2A?DP$*JG2`E8+[HM\OP-\*K"U>$@V9%$@CD-G-='B6@V!5+D"LXR.T$U91
M1G2BS9Z3Q]U"K$.^%)J[?364R4!95^S]=>*BQF$!6@AI";T<RY^(,,+R0H:E
MT\/Z(VZPRL8<'Q%I(HN*T*:R_/4>4-_OAYD-D2V<BOT5)G0MZH?)<#@&7XIK
M=-)(I`'.^VAG=;6B_66RN51,4JZ(&QM]N<81B]&R$8_3::UM;[*%Q+1-2`5C
M4028C*0MZO"DR_`,"F4KB6V:5.[>@@ZH0Z&*8,H8P*+DS%])XG`,S/.P&-9?
MWR&KHY#GDN:5\B)8P$HXY$@J/BZA>AHD(X@2+"D!#X=4?;TP\VD/2F/3$1F^
MH_J<RN2*ZXS'Z.(WPQ!M95F+EJ`#\+OQ)E$#-G\+^:,7V4*^F2>3,#2LF9*J
MM.FM-KJ<7XA[0F(AS66<3#UVF60I;6G8-\!:'5*]QO`S]EI4U&)-<?+?209^
M`G%B^B*RW^I((CT8`UH&LR9G?H0=">IM=L4%RUCC#;6/$2YB8\@]P&]81,&=
M$R`1]P234_Q,%0&*H]RW(QXB%="&EL6??>4\3NB=GB7V?:+@]98>-8M1RTZV
M[:!C!UT[,$F^7V3I?I%1^T4R[!>QNV\"3H\*7*<`=@IDM\!S"SRW0-'`!O7N
M?E,/]^;E<UX^Y^5S7CY?MGS.RV9>-G]XN?RORF1'!_E,5#WQ@FF)`C):HN%T
MSN1M6>ELJW*V73G;J9SM5L[JG\#ETXY^QT/37Q^8=JM7VYR?,J[Y.<_]3;A]
MP;0X8FJC^$@_]8DC[K4T97N]D/L>(+M'U]E2=B*Y#<B4/HTJ?6;=M5FNSR,+
M?H4^;L]@W/&/6]5RNK;E=&W+Z=J6TRU:3K=H.1M%R^G.6\ZIEI/L$7V7/"#7
MN;U90_)[!E^K6OO9N]!R]1_?A%9@S-B#EB,_N06M@'I2!]KH/5@;7J+]+!?Q
M^=WG5``^H1+-N\]Y]_GBW6>SL@.8F2K+2'A6ELR3R8),*535Q7Z_5P2/I.:*
M%":%".19_8PS[V?^]_U,!<H3WI^5H_R\N=&I]L^\H_G1'<V4@^<=S;RC^9$=
MS<N>!'O^813S=N7G.^UE2/KQ)[X>XX!V<;AM?BQL?BSLY8Z%M2:/A;ULR$[\
M/ZTZ4)Y!1K_ZL;!?4W1=8-JX=M-MR%I'5X(_&NV0Q@\=.WYUK`\N^PG6K?NG
0EML;CCFU_"_A3+SNX2P``-JX
`
end

Message received at debian-bugs:

From pixar.com!bruce Tue Jul 18 21:28:45 1995
Return-Path: <bruce@pixar.com>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0sYQkX-000604C; Tue, 18 Jul 95 21:28 PDT
Received: from mongo.pixar.com by pixar.com with SMTP id AA22152
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Tue, 18 Jul 1995 21:27:12 -0700
Received: by mongo.pixar.com (Smail3.1.28.1 #15)
	id m0sYQhm-000604C; Tue, 18 Jul 95 21:25 PDT
Message-Id: <m0sYQhm-000604C@mongo.pixar.com>
Date: Tue, 18 Jul 95 21:25 PDT
From: bruce@pixar.com (Bruce Perens)
To: debian-bugs@pixar.com, iwj10@cus.cam.ac.uk
Subject: Re: Bug#1088: Acknowledgement (was: ncurses - segfault in
    wnoutrefresh

Ian, is this still happening with ncurses-1.9.3 ?

	Thanks

	Bruce
--
-- Attention Ham Radio Operators: For information on "Linux for Hams", read
-- the World Wide Web page http://www.hams.com/perens/LinuxForHams, or send
-- an e-mail message containing the word "help" to info@hams.com .

Message received at debian-bugs:

From cus.cam.ac.uk!iwj10 Mon Jul 10 06:44:16 1995
Return-Path: <iwj10@cus.cam.ac.uk>
Received: from pixar.com by mongo.pixar.com with smtp
	(Smail3.1.28.1 #15) id m0sVJ8C-0005nTC; Mon, 10 Jul 95 06:44 PDT
Received: from bootes.cus.cam.ac.uk by pixar.com with SMTP id AA21370
  (5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Mon, 10 Jul 1995 06:42:43 -0700
Received: by bootes.cus.cam.ac.uk 
	(Smail-3.1.29.0 #36) id m0sVJ86-000C00C; Mon, 10 Jul 95 14:44 BST
Received: by chiark
	id <m0sV5pe-0000YOZ@chiark.al.cl.cam.ac.uk>
	(Debian /\oo/\ Smail3.1.29.1 #29.32); Mon, 10 Jul 95 00:32 BST
Message-Id: <m0sV5pe-0000YOZ@chiark.al.cl.cam.ac.uk>
Date: Mon, 10 Jul 95 00:32 BST
From: iwj10@cus.cam.ac.uk (Ian Jackson)
To: Debian bugs submission address <debian-bugs@pixar.com>
Subject: ncurses - segfault in wnoutrefresh in dpkg 0.93.53

Package: ncurses-developer
Version: 1.9.2c-1

To reproduce:
 * start dselect 0.93.53;
 * enter the package list (option 2);
 * hit ^L to redraw the display.

The result is a coredump in wnoutrefresh.  The arguments appear to be
sane.  I haven't investigated whether this is an overwriting (memory
corruption) problem in dselect because the last time I had an
overwriting problem it turned out to be ncurses infecting the rest of
the program rather than the other way around.

The bug happens with 0.93.42.3 too, and probably with other versions.

If you want to debug this and have Electric Fence installed the
easiest way is probably to use the `debugmake' script in the dpkg
0.93.53 source tarfile's `lib' and `dselect' directories.

dpkg-0.93.53.tar.gz is currently in private/project/ALPHA; when I
upload dpkg 0.93.54 I'll move it to dpkg-0.93.53-ncursesbug.tar.gz.

Ian.