Bug 768285 - app-misc/mc-4.8.26 crashes on save: (mcedit:40454): GLib-ERROR **: 01:59:15.500: ../glib-2.66.4/glib/gmem.c:112: failed to allocate 18446744073709551504 bytes
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Sergei Trofimovich (RETIRED)
URL: https://midnight-commander.org/ticket...
Keywords: PATCH
Reported: 2021-02-02 01:06 UTC by Thomas Deutschmann (RETIRED)
Modified: 2021-02-03 08:09 UTC (History)
Attachments
mc-4.8.26-clip-768285.patch (mc-4.8.26-clip-768285.patch,1.15 KB, patch)
2021-02-02 07:51 UTC, Sergei Trofimovich (RETIRED)
Description Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-02 01:06:02 UTC
mcedit from app-misc/mc-4.8.26 crashes when I edit certain ebuilds and press F2 to save the file with

> (mcedit:40454): GLib-ERROR **: 01:59:15.500: ../glib-2.66.4/glib/gmem.c:112: failed to allocate 18446744073709551504 bytes

Backtrace:

> # gdb /usr/bin/mcedit /var/tmp/coredumps/mcedit.23032.1612219224
> GNU gdb (Gentoo 10.1 vanilla) 10.1
> Copyright (C) 2020 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Type "show copying" and "show warranty" for details.
> This GDB was configured as "x86_64-pc-linux-gnu".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <https://bugs.gentoo.org/>.
> Find the GDB manual and other documentation resources online at:
>     <http://www.gnu.org/software/gdb/documentation/>.
> 
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from /usr/bin/mcedit...
> Reading symbols from /usr/lib/debug//usr/bin/mc.debug...
> 
> warning: core file may not match specified executable file.
> [New LWP 23032]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Core was generated by `mcedit doctrine-instantiator-1.3.1.ebuild'.
> Program terminated with signal SIGTRAP, Trace/breakpoint trap.
> #0  g_log_structured_array (log_level=<optimized out>, fields=0x7fffe2dff550, n_fields=4)
>     at ../glib-2.66.4/glib/gmessages.c:554
> 554     ../glib-2.66.4/glib/gmessages.c: No such file or directory.
> (gdb) bt
> #0  g_log_structured_array (log_level=<optimized out>, fields=0x7fffe2dff550, n_fields=4)
>     at ../glib-2.66.4/glib/gmessages.c:554
> #1  0x00007fb071105955 in g_log_default_handler (log_domain=log_domain@entry=0x7fb07115300e "GLib",
>     log_level=log_level@entry=6,
>     message=message@entry=0x56421febd830 "../glib-2.66.4/glib/gmem.c:112: failed to allocate 18446744073709551588 bytes", unused_data=unused_data@entry=0x0) at ../glib-2.66.4/glib/gmessages.c:3123
> #2  0x00007fb071105bb1 in g_logv (log_domain=0x7fb07115300e "GLib", log_level=G_LOG_LEVEL_ERROR,
>     format=<optimized out>, args=<optimized out>) at ../glib-2.66.4/glib/gmessages.c:1350
> #3  0x00007fb071105e57 in g_log (log_domain=log_domain@entry=0x7fb07115300e "GLib",
>     log_level=log_level@entry=G_LOG_LEVEL_ERROR, format=format@entry=0x7fb07115d790 "%s: failed to allocate %lu bytes")
>     at ../glib-2.66.4/glib/gmessages.c:1415
> #4  0x00007fb0711045a4 in g_malloc (n_bytes=18446744073709551588) at ../glib-2.66.4/glib/gmem.c:111
> #5  0x000056421ef63ea1 in tty_colorize_area (y=12, x=122, rows=6, cols=-2, color=10) at tty-ncurses.c:565
> #6  0x000056421ef64ec5 in tty_draw_box_shadow (y=11, x=-2, rows=7, cols=124, shadow_color=10) at tty.c:272
> #7  0x000056421ef27b58 in frame_draw (f=0x56421febb550) at frame.c:80
> #8  0x000056421ef27d65 in frame_callback (w=0x56421febb550, sender=0x0, msg=MSG_DRAW, parm=0, data=0x0) at frame.c:132
> #9  0x000056421ef6c15d in widget_draw (w=0x56421febb550) at widget-common.c:526
> #10 0x000056421ef298bd in group_draw (g=0x56421feb8200) at group.c:420
> #11 0x000056421ef29d03 in group_default_callback (w=0x56421feb8200, sender=0x0, msg=MSG_DRAW, parm=0, data=0x0)
>     at group.c:563
> #12 0x000056421ef192c1 in dlg_default_callback (w=0x56421feb8200, sender=0x0, msg=MSG_DRAW, parm=0, data=0x0)
>     at dialog.c:343
> #13 0x000056421ef6cef5 in query_default_callback (w=0x56421feb8200, sender=0x0, msg=MSG_DRAW, parm=0, data=0x0)
>     at wtools.c:112
> #14 0x000056421ef6c15d in widget_draw (w=0x56421feb8200) at widget-common.c:526
> #15 0x000056421ef6c733 in widget_default_set_state (w=0x56421feb8200, state=WST_FOCUSED, enable=1)
>     at widget-common.c:779
> #16 0x000056421ef29e0c in group_default_set_state (w=0x56421feb8200, state=WST_FOCUSED, enable=1) at group.c:610
> #17 0x000056421ef18b4e in widget_set_state (w=0x56421feb8200, state=WST_FOCUSED, enable=1)
>     at ../../lib/widget/widget-common.h:343
> #18 0x000056421ef19948 in dlg_init (h=0x56421feb8200) at dialog.c:515
> #19 0x000056421ef19a98 in dlg_run (h=0x56421feb8200) at dialog.c:574
> #20 0x000056421ef6da61 in query_dialog (header=0x56421effa2ea "Save file",
>     text=0x56421fddc940 "Confirm save file: \"/home/thomas/repositories/gentoo/dev-php/doctrine-instantiator/doctrine-instantiator-1.3.1.ebuild\"", flags=0, count=2) at wtools.c:350
> #21 0x000056421efa163d in edit_save_confirm_cmd (edit=0x56421fe7edb0) at editcmd.c:2049
> #22 0x000056421ef9b0b8 in edit_execute_cmd (edit=0x56421fe7edb0, command=53, char_for_insertion=-1) at edit.c:3826
> #23 0x000056421ef99841 in edit_execute_key_command (edit=0x56421fe7edb0, command=53, char_for_insertion=-1)
> --Type <RET> for more, q to quit, c to continue without paging--c
>     at edit.c:3235
> #24 0x000056421efab8dd in edit_callback (w=0x56421fe7edb0, sender=0x56421fe7ebc0, msg=MSG_ACTION, parm=53, data=0x0) at editwidget.c:971
> #25 0x000056421ef14ceb in send_message (w=0x56421fe7edb0, sender=0x56421fe7ebc0, msg=MSG_ACTION, parm=53, data=0x0) at ../../lib/widget/widget-common.h:243
> #26 0x000056421ef15053 in buttonbar_call (bb=0x56421fe7ebc0, i=1) at buttonbar.c:154
> #27 0x000056421ef150c8 in buttonbar_callback (w=0x56421fe7ebc0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at buttonbar.c:171
> #28 0x000056421ef28db4 in send_message (w=0x56421fe7ebc0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at ../../lib/widget/widget-common.h:243
> #29 0x000056421ef29b44 in group_handle_hotkey (g=0x56421fe776a0, key=266) at group.c:497
> #30 0x000056421ef29d34 in group_default_callback (w=0x56421fe776a0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at group.c:570
> #31 0x000056421ef192c1 in dlg_default_callback (w=0x56421fe776a0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at dialog.c:343
> #32 0x000056421efab546 in edit_dialog_callback (w=0x56421fe776a0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at editwidget.c:834
> #33 0x000056421ef28db4 in send_message (w=0x56421fe776a0, sender=0x0, msg=MSG_HOTKEY, parm=266, data=0x0) at ../../lib/widget/widget-common.h:243
> #34 0x000056421ef2991d in group_handle_key (g=0x56421fe776a0, key=266) at group.c:434
> #35 0x000056421ef29d1e in group_default_callback (w=0x56421fe776a0, sender=0x0, msg=MSG_KEY, parm=266, data=0x0) at group.c:567
> #36 0x000056421ef1900d in dlg_key_event (h=0x56421fe776a0, d_key=266) at dialog.c:251
> #37 0x000056421ef199d1 in dlg_process_event (h=0x56421fe776a0, key=266, event=0x7fffe2e00340) at dialog.c:541
> #38 0x000056421ef191ff in frontend_dlg_run (h=0x56421fe776a0) at dialog.c:320
> #39 0x000056421ef19aa4 in dlg_run (h=0x56421fe776a0) at dialog.c:575
> #40 0x000056421efac33d in edit_files (files=0x56421fe04d40 = {...}) at editwidget.c:1272
> #41 0x000056421ef21970 in mc_maybe_editor_or_viewer () at filemanager.c:977
> #42 0x000056421ef2316e in do_nc () at filemanager.c:1826
> #43 0x000056421ef0b91f in main (argc=2, argv=0x7fffe2e005b8) at main.c:463
> (gdb)

I was able to bisect and the bad commit is https://github.com/MidnightCommander/mc/commit/8b4386df83ab5a525f0568113fe1e53d362f433e

During testing I noticed that my terminal size is important. I connected from mintty at size 120x40 when I first experienced the problem. Resizing the terminal made the problem disappear.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-02 01:08:32 UTC
Video showing the problem: https://dev.gentoo.org/~whissi/stuff/mced-crash_bug768285.webm
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2021-02-02 06:48:23 UTC
Is it a USE=-slang mc? Please post `emerge --info mc`.
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2021-02-02 07:40:55 UTC
(In reply to Thomas Deutschmann from comment #0)
> > #4  0x00007fb0711045a4 in g_malloc (n_bytes=18446744073709551588) at ../glib-2.66.4/glib/gmem.c:111
> > #5  0x000056421ef63ea1 in tty_colorize_area (y=12, x=122, rows=6, cols=-2, color=10) at tty-ncurses.c:565
> > #6  0x000056421ef64ec5 in tty_draw_box_shadow (y=11, x=-2, rows=7, cols=124, shadow_color=10) at tty.c:272
> > #7  0x000056421ef27b58 in frame_draw (f=0x56421febb550) at frame.c:80

'cols=-2' looks like a culprit. At a glance https://github.com/MidnightCommander/mc/commit/8b4386df83ab5a525f0568113fe1e53d362f433e does not change the clipping behaviour. But the new calls to draw shadow box were added.

In our case the new call is:

  frame.c:
    if (mc_global.tty.shadows)
        tty_draw_box_shadow (w->y, w->x, w->lines, w->cols, SHADOW_COLOR);

It should call one of tty_colorize_area() below:

  void
  tty_draw_box_shadow (int y, int x, int rows, int cols, int shadow_color)
  {
      /* draw right shadow */
      tty_colorize_area (y + 1, x + cols, rows - 1, 2, shadow_color);
      /* draw bottom shadow */
      tty_colorize_area (y + rows, x + 2, 1, cols, shadow_color);
  }

Looking at the values it's a 'right' case. But 'cols' should be literal '2', not -2. Backtrace probably shows the value changed in place by ncurses-specific tty_clip().

  void
  tty_colorize_area (int y, int x, int rows, int cols, int color)
  {
    ...
      if (!use_colors || !tty_clip (&y, &x, &rows, &cols))
          return;
  ...

  static gboolean
  tty_clip (int *y, int *x, int *rows, int *cols)
  {
    ...
    if (*x + *cols > COLS)
        *cols = COLS - *x;

    return TRUE;
  }

At a glance the patch itself did not seem to change the clipping logic. But the shadow area can now generate boxes of negative height:

    // tty_draw_box_shadow()
    y=11;
    x=-2;
    rows=7;
    cols=124;

    // tty_colorize_area (y + 1, x + cols, rows - 1, 2, shadow_color); ('right' case)
    y = 12;
    x = 122;
    rows = 6;
    cols = 2;

    // tty_clip()

    cols = -2; // somehow, perhaps due to:

      if (*x + *cols > COLS)
          *cols = COLS - *x;
 
To get a negative value, COLS should be 120.

Thus right hand side box clipping is not enough.
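
The arithmetic traced in comment 3, as a stand-alone added example (not part of the original comment, and not the attached patch): it replays the right-shadow values from frame #6 through the quoted right-edge clip and through a hypothetical `clip_checked()` that also rejects empty areas. The allocation expression `elem_size * (cols + 1)` and the 28-byte element size are assumptions, chosen because they reproduce the `n_bytes` value in the backtrace; `screen_cols` stands in for ncurses `COLS`.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Right-edge clip as quoted in comment 3; screen_cols stands in for ncurses COLS. */
static bool clip_right_only(int *x, int *cols, int screen_cols)
{
    if (*x + *cols > screen_cols)
        *cols = screen_cols - *x;   /* negative once x is already past the edge */
    return true;
}

/* Hypothetical hardened clip: handle both edges and reject empty areas. */
static bool clip_checked(int *x, int *cols, int screen_cols)
{
    if (*cols <= 0 || *x >= screen_cols)
        return false;
    if (*x < 0) {                   /* drop the part left of the screen */
        *cols += *x;
        *x = 0;
    }
    if (*cols > screen_cols - *x)
        *cols = screen_cols - *x;
    return *cols > 0;
}

/* Assumed allocation model: elem_size * (cols + 1), evaluated as a 64-bit size_t. */
static uint64_t request_bytes(int cols, uint64_t elem_size)
{
    return elem_size * (uint64_t) (cols + 1);
}

/* Bytes requested for the right shadow of a box at x with width cols; 0 = not drawn. */
static uint64_t right_shadow_request(int x, int cols, int screen_cols, bool hardened)
{
    int sx = x + cols, scols = 2;   /* tty_draw_box_shadow(): right shadow, 2 columns */
    bool ok = hardened ? clip_checked(&sx, &scols, screen_cols)
                       : clip_right_only(&sx, &scols, screen_cols);
    return ok ? request_bytes(scols, 28) : 0;   /* 28: assumed element size */
}

int main(void)
{
    /* Values from frame #6 of the backtrace: x=-2, cols=124, with COLS=120. */
    printf("right-only clip: %" PRIu64 " bytes\n", right_shadow_request(-2, 124, 120, false));
    printf("checked clip:    %" PRIu64 " bytes\n", right_shadow_request(-2, 124, 120, true));
    return 0;
}
```

With the right-edge-only clip the signed `cols` of -2 reaches the allocator as an unsigned size just below 2^64, which is the failed allocation in frame #4; the checked variant returns before any allocation is attempted.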
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2021-02-02 07:50:44 UTC
I think our special trigger here is the huge initial save dialog width of 120 symbols. What locale are you running to get such a box?

The simple reproducer seems to be:

1. Build mc with USE=ncurses
2. Shrink the window
3. Attempt to save a file.

Would you like to give the patch a try? I'd also be interested in the video of a successful save.
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2021-02-02 07:51:28 UTC
Created attachment 685515
mc-4.8.26-clip-768285.patch

mc-4.8.26-clip-768285.patch should clip consistently
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-03 01:25:24 UTC
> =================================================================
>                         Package Settings
> =================================================================
> 
> app-misc/mc-4.8.26::gentoo was built with the following:
> USE="edit nls sftp unicode xdg -X -gpm -samba -slang -spell -test" ABI_X86="(64)"
> FEATURES="xattr distlocks binpkg-docompress pid-sandbox userpriv unmerge-logs strict ccache news sandbox cgroup assume-digests userfetch unmerge-orphans qa-unresolved-soname-deps ipc-sandbox downgrade-backup network-sandbox config-protect-if-modified preserve-libs protect-owned usersandbox binpkg-logs binpkg-dostrip unknown-features-warn sfperms fixlafiles multilib-strict merge-sync parallel-fetch ebuild-locks usersync"
> 

Now going to test the patch...
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-03 01:32:50 UTC
Patch works, thank you.
Comment 8 Larry the Git Cow gentoo-dev 2021-02-03 08:09:47 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea2c3fc6deedb313f1c6aaa49d4e9b87e1b3c805

commit ea2c3fc6deedb313f1c6aaa49d4e9b87e1b3c805
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2021-02-03 08:08:55 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2021-02-03 08:09:41 +0000

    app-misc/mc: fix shadow render on ncurses
    
    Reported-by: Thomas Deutschmann
    Closes: https://bugs.gentoo.org/768285
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 app-misc/mc/files/mc-4.8.26-shadow-crash.patch |  39 +++++++++
 app-misc/mc/mc-4.8.26-r1.ebuild                | 108 +++++++++++++++++++++++++
 2 files changed, 147 insertions(+)