unibilium crashes neovim in st (simple terminal) from ncurses-6.0_p20171125-r0 on

[ganwell]

#30 seems to related but is not, since using https://github.com/mauke/unibilium/tree/wide-int doesn't solve the problem.

I was able to fix the problem by using the terminfo bundled with st instead the one that come with ncurses. But no other programs crashes, so I guess it must be fixed in unibilium.

[mauke]

no other programs crashes

Doesn't that mean it's a neovim bug?

[ganwell]

Maybe, it crashes inside libunibilium, so I decided to start here.

[ganwell]

Thread 2 "nvim" received signal SIGSEGV, Segmentation fault.
0x00007ffff711da5e in unibi_format () from /usr/lib/libunibilium.so.0

[mauke]

That's not really helpful. There is no code or reproduction steps in this bug report. Just "unibilium crashes". What am I supposed to do with this?

[mauke]

I managed to download and build neovim, but it didn't crash when I ran it.

[ganwell]

I am sorry. I am hunting this bug for 2 whole days now. This is the first "concrete" thing I found. Even when I build debug versions of the components it is gone.

Did you use TERM=st-256color nvim?

[mauke]

I tried TERM=st-256color build/bin/nvim, yes.

[ganwell]

Thanks for your help. Sorry for bothering you.

[ganwell]

@mauke I have now found a way to reproduce it:

docker run --rm -ti alpine:3.7 sh -c "apk update; apk add neovim ncurses-terminfo; TERM=st-256color nvim"
-> Segmentation fault

I know this is still no test program, but maybe it helps. Otherwise I would provide a chroot, containing the error.

[ganwell]

Here is a stacktrace (TERM=st-256color gdb /usr/bin/nvim)

Thread 2 "nvim" received signal SIGSEGV, Segmentation fault.
                                                            [Switching to LWP 88]
0x00007ffff7dc17fd in strlen () from /lib/ld-musl-x86_64.so.1
(gdb) bt
#0  0x00007ffff7dc17fd in strlen () from /lib/ld-musl-x86_64.so.1
#1  0x00007ffff711cb1c in unibi_format (var_dyn=0x7ffff6c991a8, var_static=0x7ffff6c99278, fmt=0x555555c296d0 ";%p2%s\a", param=0x555555bfef78, out=0x55555570401b <out>, ctx1=0x555555bd56e0,
    pad=0x0, ctx2=0x0) at unibilium.c:1140
#2  0x0000555555704466 in unibi_out_ext (ui=0x555555bd56e0, unibi_index=<optimized out>) at /home/ganwell/Repositories/aports-cur/community/neovim/src/neovim-0.2.2/src/nvim/tui/tui.c:1213
#3  0x0000555555709cbb in ui_bridge_mode_info_set_event (argv=<optimized out>)
    at /home/ganwell/Repositories/aports-cur/community/neovim/src/neovim-0.2.2/build/src/nvim/auto/ui_events_bridge.generated.h:45
#4  0x00005555556096eb in multiqueue_process_events (this=0x555555be31c0) at /home/ganwell/Repositories/aports-cur/community/neovim/src/neovim-0.2.2/src/nvim/event/multiqueue.c:150
#5  0x00005555556090fc in loop_poll_events (loop=loop@entry=0x7ffff6c99438, ms=ms@entry=-1) at /home/ganwell/Repositories/aports-cur/community/neovim/src/neovim-0.2.2/src/nvim/event/loop.c:59
#6  0x00005555557069fb in tui_main (bridge=0x5555559dab80, ui=0x555555bd56e0) at /home/ganwell/Repositories/aports-cur/community/neovim/src/neovim-0.2.2/src/nvim/tui/tui.c:343
#7  0x00007ffff7dc3ff8 in ?? () from /lib/ld-musl-x86_64.so.1
#8  0x0000000000000000 in ?? ()
(gdb) up
#1  0x00007ffff711cb1c in unibi_format (var_dyn=0x7ffff6c991a8, var_static=0x7ffff6c99278, fmt=0x555555c296d0 ";%p2%s\a", param=0x555555bfef78, out=0x55555570401b <out>, ctx1=0x555555bd56e0,
    pad=0x0, ctx2=0x0) at unibilium.c:1140
1140                    out(ctx1, s, strlen(s));
(gdb) info locals
s = 0x2 <error: Cannot access memory at address 0x2>
zero = {i = 0, p = 0x0}
stack = {{i = 2, p = 0x2 <error: Cannot access memory at address 0x2>}, {i = 0, p = 0x0} <repeats 122 times>}
sp = 0
__func__ = "unibi_format"
(gdb) up
#2  0x0000555555704466 in unibi_out_ext (ui=0x555555bd56e0, unibi_index=<optimized out>) at /home/ganwell/Repositories/aports-cur/community/neovim/src/neovim-0.2.2/src/nvim/tui/tui.c:1213
1213      UNIBI_OUT(unibi_get_ext_str);
(gdb) info locals
vars = {{i = 0, p = 0x0} <repeats 52 times>}
data = <optimized out>
str = 0x555555c296c6 "\033]52;%p1%s;%p2%s\a"
(gdb) up
#3  0x0000555555709cbb in ui_bridge_mode_info_set_event (argv=<optimized out>)
    at /home/ganwell/Repositories/aports-cur/community/neovim/src/neovim-0.2.2/build/src/nvim/auto/ui_events_bridge.generated.h:45
45        ui->mode_info_set(ui, PTR2INT(argv[1]), cursor_styles);
(gdb) info locals
ui = <optimized out>
cursor_styles = {items = 0x555555c2baa0, size = 17, capacity = 0}
(gdb)

   │1137                case 's': {                         
   │1138                    const char *s;                  
B+ │1139                    s = unibi_str_from_var(POP());  
  >│1140                    out(ctx1, s, strlen(s));        
   │1141                    break;                          
   │1142                }

(gdb) p stack
$1 = {{i = 2, p = 0x2 <error: Cannot access memory at address 0x2>}, {i = 0, p = 0x0} <repeats 122 times>}
(gdb) p (stack - 1)
$2 = (unibi_var_t *) 0x7ffff6c98d78
(gdb) p (stack + 1)
$3 = (unibi_var_t *) 0x7ffff6c98d88
(gdb) p *(stack - 1)
$1 = {i = 0, p = 0x0}
(gdb) p *(stack + 1)
$2 = {i = 0, p = 0x0}
(gdb)

If you think the bug is in unibilium. I can create a chroot with debug versions of neovim and the sources, so gdb works and upload it on my server.

[justinmk]

0x0000555555704466 in unibi_out_ext (ui=0x555555bd56e0, unibi_index=) at /home/ganwell/Repositories/aports-cur/community/neovim/src/neovim-0.2.2/src/nvim/tui/tui.c:1213

@ganwell Can you try Nvim HEAD? Maybe neovim/neovim@90dd2b1 helps.

[ganwell]

@justinmk neovim nightly works. but just patching 0.2.2 with neovim/neovim@90dd2b1 doesn't help. I see there are other revisions referenced, shall I try some combinations of these? What is the best way to get a patch into the distro?

Also shall we switch to a issue on neovim?

[justinmk]

shall I try some combinations of these?

You could try git bisect.

What is the best way to get a patch into the distro?

No idea, depends on your distro. We offer pre-built packages at https://github.com/neovim/neovim/releases , that's the most we can do until a release is ready.

Also shall we switch to a issue on neovim?

If it's fixed on master, there's nothing to discuss....

[ganwell]

You could try git bisect.

Thanks a lot that worked. neovim/neovim@5cbd3b383c fixes the problem.

If it's fixed on master, there's nothing to discuss...

I meant to document the patch, but there is already an issue.

Sorry for hijacking this issue tracker and thanks to both of you.

[justinmk]

. neovim/neovim@5cbd3b3 fixes the problem.

Interesting. that does suggest a unibilium bug.

[rofl0r]

yeah, it's possible that unibilium invokes UB somewehre and expects GLIBC behaviour (i.e. no nasal daemons summoned)