mcedit from app-misc/mc-4.8.26 crashes when I edit certain ebuilds and press F2 to save the file with

> (mcedit:40454): GLib-ERROR **: 01:59:15.500: ../glib-2.66.4/glib/gmem.c:112: failed to allocate 18446744073709551504 bytes

Backtrace:

> # gdb /usr/bin/mcedit /var/tmp/coredumps/mcedit.23032.1612219224
> GNU gdb (Gentoo 10.1 vanilla) 10.1
> Copyright (C) 2020 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Type "show copying" and "show warranty" for details.
> This GDB was configured as "x86_64-pc-linux-gnu".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <https://bugs.gentoo.org/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
>
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from /usr/bin/mcedit...
> Reading symbols from /usr/lib/debug//usr/bin/mc.debug...
>
> warning: core file may not match specified executable file.
> [New LWP 23032]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Core was generated by `mcedit doctrine-instantiator-1.3.1.ebuild'.
> Program terminated with signal SIGTRAP, Trace/breakpoint trap.
> #0 g_log_structured_array (log_level=<optimized out>, fields=0x7fffe2dff550, n_fields=4)
>     at ../glib-2.66.4/glib/gmessages.c:554
> 554 ../glib-2.66.4/glib/gmessages.c: No such file or directory.
> (gdb) bt
> #0 g_log_structured_array (log_level=<optimized out>, fields=0x7fffe2dff550, n_fields=4)
>     at ../glib-2.66.4/glib/gmessages.c:554
> #1 0x00007fb071105955 in g_log_default_handler (log_domain=log_domain@entry=0x7fb07115300e "GLib",
>     log_level=log_level@entry=6,
>     message=message@entry=0x56421febd830 "../glib-2.66.4/glib/gmem.c:112: failed to allocate 18446744073709551588 bytes", unused_data=unused_data@entry=0x0) at ../glib-2.66.4/glib/gmessages.c:3123
> #2 0x00007fb071105bb1 in g_logv (log_domain=0x7fb07115300e "GLib", log_level=G_LOG_LEVEL_ERROR,
>     format=<optimized out>, args=<optimized out>) at ../glib-2.66.4/glib/gmessages.c:1350
> #3 0x00007fb071105e57 in g_log (log_domain=log_domain@entry=0x7fb07115300e "GLib",
>     log_level=log_level@entry=G_LOG_LEVEL_ERROR, format=format@entry=0x7fb07115d790 "%s: failed to allocate %lu bytes")
>     at ../glib-2.66.4/glib/gmessages.c:1415
> #4 0x00007fb0711045a4 in g_malloc (n_bytes=18446744073709551588) at ../glib-2.66.4/glib/gmem.c:111
> #5 0x000056421ef63ea1 in tty_colorize_area (y=12, x=122, rows=6, cols=-2, color=10) at tty-ncurses.c:565
> #6 0x000056421ef64ec5 in tty_draw_box_shadow (y=11, x=-2, rows=7, cols=124, shadow_color=10) at tty.c:272
> #7 0x000056421ef27b58 in frame_draw (f=0x56421febb550) at frame.c:80
> #8 0x000056421ef27d65 in frame_callback (w=0x56421febb550, sender=0x0, msg=MSG_DRAW, parm=0, data=0x0) at frame.c:132
> #9 0x000056421ef6c15d in widget_draw (w=0x56421febb550) at widget-common.c:526
> #10 0x000056421ef298bd in group_draw (g=0x56421feb8200) at group.c:420
> #11 0x000056421ef29d03 in group_default_callback (w=0x56421feb8200, sender=0x0, msg=MSG_DRAW, parm=0, data=0x0)
>     at group.c:563
> #12 0x000056421ef192c1 in dlg_default_callback (w=0x56421feb8200, sender=0x0, msg=MSG_DRAW, parm=0, data=0x0)
>     at dialog.c:343
> #13 0x000056421ef6cef5 in query_default_callback (w=0x56421feb8200, sender=0x0, msg=MSG_DRAW, parm=0, data=0x0)
>     at wtools.c:112
> #14 0x000056421ef6c15d in widget_draw (w=0x56421feb8200) at widget-common.c:526
> #15 0x000056421ef6c733 in widget_default_set_state (w=0x56421feb8200, state=WST_FOCUSED, enable=1)
>     at widget-common.c:779
> #16 0x000056421ef29e0c in group_default_set_state (w=0x56421feb8200, state=WST_FOCUSED, enable=1) at group.c:610
> #17 0x000056421ef18b4e in widget_set_state (w=0x56421feb8200, state=WST_FOCUSED, enable=1)
>     at ../../lib/widget/widget-common.h:343
> #18 0x000056421ef19948 in dlg_init (h=0x56421feb8200) at dialog.c:515
> #19 0x000056421ef19a98 in dlg_run (h=0x56421feb8200) at dialog.c:574
> #20 0x000056421ef6da61 in query_dialog (header=0x56421effa2ea "Save file",
>     text=0x56421fddc940 "Confirm save file: \"/home/thomas/repositories/gentoo/dev-php/doctrine-instantiator/doctrine-instantiator-1.3.1.ebuild\"", flags=0, count=2) at wtools.c:350
> #21 0x000056421efa163d in edit_save_confirm_cmd (edit=0x56421fe7edb0) at editcmd.c:2049
> #22 0x000056421ef9b0b8 in edit_execute_cmd (edit=0x56421fe7edb0, command=53, char_for_insertion=-1) at edit.c:3826
> #23 0x000056421ef99841 in edit_execute_key_command (edit=0x56421fe7edb0, command=53, char_for_insertion=-1)
> --Type <RET> for more, q to quit, c to continue without paging--c
>     at edit.c:3235
> #24 0x000056421efab8dd in edit_callback (w=0x56421fe7edb0, sender=0x56421fe7ebc0, msg=MSG_ACTION, parm=53, data=0x0) at editwidget.c:971
> #25 0x000056421ef14ceb in send_message (w=0x56421fe7edb0, sender=0x56421fe7ebc0, msg=MSG_ACTION, parm=53, data=0x0) at ../../lib/widget/widget-common.h:243
> #26 0x000056421ef15053 in buttonbar_call (bb=0x56421fe7ebc0, i=1) at buttonbar.c:154
> #27 0x000056421ef150c8 in buttonbar_callback (w=0x56421fe7ebc0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at buttonbar.c:171
> #28 0x000056421ef28db4 in send_message (w=0x56421fe7ebc0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at ../../lib/widget/widget-common.h:243
> #29 0x000056421ef29b44 in group_handle_hotkey (g=0x56421fe776a0, key=266) at group.c:497
> #30 0x000056421ef29d34 in group_default_callback (w=0x56421fe776a0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at group.c:570
> #31 0x000056421ef192c1 in dlg_default_callback (w=0x56421fe776a0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at dialog.c:343
> #32 0x000056421efab546 in edit_dialog_callback (w=0x56421fe776a0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at editwidget.c:834
> #33 0x000056421ef28db4 in send_message (w=0x56421fe776a0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at ../../lib/widget/widget-common.h:243
> #34 0x000056421ef2991d in group_handle_key (g=0x56421fe776a0, key=266) at group.c:434
> #35 0x000056421ef29d1e in group_default_callback (w=0x56421fe776a0, sender=0x0, msg=MSG_KEY, parm=266, data=0x0) at group.c:567
> #36 0x000056421ef1900d in dlg_key_event (h=0x56421fe776a0, d_key=266) at dialog.c:251
> #37 0x000056421ef199d1 in dlg_process_event (h=0x56421fe776a0, key=266, event=0x7fffe2e00340) at dialog.c:541
> #38 0x000056421ef191ff in frontend_dlg_run (h=0x56421fe776a0) at dialog.c:320
> #39 0x000056421ef19aa4 in dlg_run (h=0x56421fe776a0) at dialog.c:575
> #40 0x000056421efac33d in edit_files (files=0x56421fe04d40 = {...}) at editwidget.c:1272
> #41 0x000056421ef21970 in mc_maybe_editor_or_viewer () at filemanager.c:977
> #42 0x000056421ef2316e in do_nc () at filemanager.c:1826
> #43 0x000056421ef0b91f in main (argc=2, argv=0x7fffe2e005b8) at main.c:463
> (gdb)

I was able to bisect and the bad commit is https://github.com/MidnightCommander/mc/commit/8b4386df83ab5a525f0568113fe1e53d362f433e

During testing I noticed that my terminal size is important. I connected from mintty at size 120x40 when I first experienced the problem. Resizing the terminal made the problem disappear.
Video showing the problem: https://dev.gentoo.org/~whissi/stuff/mced-crash_bug768285.webm
Is it a USE=-slang mc? Please post `emerge --info mc`.
(In reply to Thomas Deutschmann from comment #0)
> > #4 0x00007fb0711045a4 in g_malloc (n_bytes=18446744073709551588) at ../glib-2.66.4/glib/gmem.c:111
> > #5 0x000056421ef63ea1 in tty_colorize_area (y=12, x=122, rows=6, cols=-2, color=10) at tty-ncurses.c:565
> > #6 0x000056421ef64ec5 in tty_draw_box_shadow (y=11, x=-2, rows=7, cols=124, shadow_color=10) at tty.c:272
> > #7 0x000056421ef27b58 in frame_draw (f=0x56421febb550) at frame.c:80

'cols=-2' looks like a culprit.

At a glance https://github.com/MidnightCommander/mc/commit/8b4386df83ab5a525f0568113fe1e53d362f433e does not change the clipping behaviour. But the new calls to draw shadow box were added. In our case new call is:

frame.c:
    if (mc_global.tty.shadows)
        tty_draw_box_shadow (w->y, w->x, w->lines, w->cols, SHADOW_COLOR);

It should call one of tty_colorize_area() below:

    void
    tty_draw_box_shadow (int y, int x, int rows, int cols, int shadow_color)
    {
        /* draw right shadow */
        tty_colorize_area (y + 1, x + cols, rows - 1, 2, shadow_color);
        /* draw bottom shadow */
        tty_colorize_area (y + rows, x + 2, 1, cols, shadow_color);
    }

Looking at the values it's a 'right' case. But 'cols' should be literal '2', not -2. Backtrace probably shows value changed in place by ncurses-specific tty_clip().

    void
    tty_colorize_area (int y, int x, int rows, int cols, int color)
    {
        ...
        if (!use_colors || !tty_clip (&y, &x, &rows, &cols))
            return;
        ...

    static gboolean
    tty_clip (int *y, int *x, int *rows, int *cols)
    {
        ...
        if (*x + *cols > COLS)
            *cols = COLS - *x;
        return TRUE;
    }

At a glance the patch itself did not seem to change the clipping logic. But the shadow area can now generate boxes of negative height:

    // tty_draw_box_shadow()
    y=11; x=-2; rows=7; cols=124;
    // tty_colorize_area (y + 1, x + cols, rows - 1, 2, shadow_color); ('right' case)
    y = 12; x = 122; rows = 6; cols = 2;
    // tty_clip()
    cols = -2; // somehow, perhaps due to: if (*x + *cols > COLS) *cols = COLS - *x;

To get negative, COLS should be 120.
Thus right hand side box clipping is not enough.
I think our special trigger here is the huge initial save dialog width of 120 symbols. What locale are you running to get such a box?

The simple reproducer seems to be:
1. Build mc with USE=ncurses
2. Shrink the window
3. Attempt to save a file.

Would you like to give the patch a try? I'd also be interested in the video of successful save.
Created attachment 685515: mc-4.8.26-clip-768285.patch

mc-4.8.26-clip-768285.patch should clip consistently
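
The failure analysed above, as an added example that is not part of the thread and not the attached patch: the right-edge-only clip quoted from tty_clip() next to a clip that checks all four edges and rejects empty areas. The names `area_t`, `clip_right_only`, `clip_checked`, `right_shadow` and `bottom_shadow` are hypothetical; the coordinates are the ones in the backtrace, on the reporter's 120x40 terminal.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct { int y, x, rows, cols; bool visible; } area_t;

/* Right-edge-only clip, as quoted in the thread from tty_clip(). */
static area_t clip_right_only(area_t a, int screen_cols)
{
    if (a.x + a.cols > screen_cols)
        a.cols = screen_cols - a.x;   /* negative once x > screen_cols */
    a.visible = true;                 /* caller goes on to allocate */
    return a;
}

/* Illustrative hardened clip (assumption, not the mc patch): reject areas
 * that are empty or fully off-screen, then trim every edge. */
static area_t clip_checked(area_t a, int screen_lines, int screen_cols)
{
    a.visible = false;
    if (a.rows <= 0 || a.cols <= 0 || a.y >= screen_lines || a.x >= screen_cols)
        return a;
    if (a.y < 0) { a.rows += a.y; a.y = 0; }
    if (a.x < 0) { a.cols += a.x; a.x = 0; }
    if (a.rows > screen_lines - a.y) a.rows = screen_lines - a.y;
    if (a.cols > screen_cols - a.x)  a.cols = screen_cols - a.x;
    a.visible = a.rows > 0 && a.cols > 0;
    return a;
}

/* Shadow areas for the frame in the backtrace: y=11, x=-2, rows=7, cols=124,
 * computed the way tty_draw_box_shadow() does. */
static area_t right_shadow(void)  { area_t a = {11 + 1, -2 + 124, 7 - 1, 2, false}; return a; }
static area_t bottom_shadow(void) { area_t a = {11 + 7, -2 + 2, 1, 124, false}; return a; }

int main(void)
{
    area_t bad = clip_right_only(right_shadow(), 120);
    area_t right = clip_checked(right_shadow(), 40, 120);
    area_t bottom = clip_checked(bottom_shadow(), 40, 120);

    /* A negative int used as an allocation count becomes a huge size_t. */
    printf("right-only clip: cols=%d, as size_t=%zu\n", bad.cols, (size_t) bad.cols);
    printf("checked right shadow: visible=%d\n", right.visible);
    printf("checked bottom shadow: visible=%d cols=%d\n", bottom.visible, bottom.cols);
    return 0;
}
```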
> =================================================================
> Package Settings
> =================================================================
>
> app-misc/mc-4.8.26::gentoo was built with the following:
> USE="edit nls sftp unicode xdg -X -gpm -samba -slang -spell -test" ABI_X86="(64)"
> FEATURES="xattr distlocks binpkg-docompress pid-sandbox userpriv unmerge-logs strict ccache news sandbox cgroup assume-digests userfetch unmerge-orphans qa-unresolved-soname-deps ipc-sandbox downgrade-backup network-sandbox config-protect-if-modified preserve-libs protect-owned usersandbox binpkg-logs binpkg-dostrip unknown-features-warn sfperms fixlafiles multilib-strict merge-sync parallel-fetch ebuild-locks usersync"
>

Now going to test the patch...
Patch works, thank you.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea2c3fc6deedb313f1c6aaa49d4e9b87e1b3c805

commit ea2c3fc6deedb313f1c6aaa49d4e9b87e1b3c805
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2021-02-03 08:08:55 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2021-02-03 08:09:41 +0000

    app-misc/mc: fix shadow render on ncurses

    Reported-by: Thomas Deutschmann
    Closes: https://bugs.gentoo.org/768285
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 app-misc/mc/files/mc-4.8.26-shadow-crash.patch |  39 +++++++++
 app-misc/mc/mc-4.8.26-r1.ebuild                | 108 +++++++++++++++++++++++++
 2 files changed, 147 insertions(+)