Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ftptop segfaults when using libncursesw on Gentoo #1174

Closed
gjaekel opened this issue Feb 9, 2021 · 23 comments
Closed

ftptop segfaults when using libncursesw on Gentoo #1174

gjaekel opened this issue Feb 9, 2021 · 23 comments
Assignees
@Castaglia
Labels
backport bug
Milestone
1.3.8

Comments

@gjaekel
Copy link

gjaekel commented Feb 9, 2021
edited

What I Did

when starting ftptop, nothing but a segfault occurs.

~ # ftptop 
Segmentation fault

All the other binaries seem to work. With previous installed proftp V1.3.6b, ftptop (V0.9) had worked.

What I Expected/Wanted

ftptop working. 😄

ProFTPD Version and Configuration

proftp 1.3.7 @ Gentoo

~ # ftptop -V
ftptop/1.0

~ # proftpd -V
Compile-time Settings:
  Version: 1.3.7a (maint)
  Platform: LINUX [Linux 5.4.55-gentoo x86_64]
  Built: Fri Feb 5 2021 12:48:45 CET
  Built With:
    configure  '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--docdir=/usr/share/doc/proftpd-1.3.7a' '--htmldir=/usr/share/doc/proftpd-1.3.7a/html' '--libdir=/usr/lib64' '--localstatedir=/run/proftpd' '--sysconfdir=/etc/proftpd' '--disable-strip' '--disable-facl' '--enable-auth-file' '--enable-cap' '--enable-ctrls' '--disable-dso' '--disable-ident' '--disable-ipv6' '--disable-memcache' '--enable-ncurses' '--enable-nls' '--enable-openssl' '--enable-auth-pam' '--enable-pcre' '--disable-sodium' '--disable-tests' '--enable-trace' '--enable-shadow' '--enable-autoshadow' '--with-modules=mod_ctrls_admin:mod_sftp:mod_sftp_pam:mod_shaper:mod_snmp:mod_tls:mod_tls_shmcache:mod_vroot' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CC=x86_64-pc-linux-gnu-gcc' 'CFLAGS=-march=nocona -O2 -pipe' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed' 'CXXFLAGS=-march=nocona -O2 -pipe'

  CFLAGS: -g2 -march=nocona -O2 -pipe -Wall -fno-omit-frame-pointer
  LDFLAGS: -L$(top_srcdir)/lib -L$(top_builddir)/lib -Wl,-O1 -Wl,--as-needed -rdynamic 
  LIBS:  -lpcreposix -lpcre -lssl -lcrypto -lcap  -lssl  -lpam  -lcrypto -lsupp -lattr -lcrypt -ldl  -pthread

  Files:
    Configuration File:
      /etc/proftpd/proftpd.conf
    Pid File:
      /run/proftpd/proftpd.pid
    Scoreboard File:
      /run/proftpd/proftpd.scoreboard

  Info:
    + Max supported UID: 4294967295
    + Max supported GID: 4294967295

  Features:
    + Autoshadow support
    + Controls support
    + curses support
    - Developer support
    - DSO support
    - IPv6 support
    + Largefile support
    - Lastlog support
    - Memcache support
    + ncursesw support
    + NLS support
    + OpenSSL support (OpenSSL 1.1.1g  21 Apr 2020)
    + PCRE support
    - POSIX ACL support
    - Redis support
    + Sendfile support
    + Shadow file support
    - Sodium support
    + Trace support
    + xattr support

  Tunable Options:
    PR_TUNABLE_BUFFER_SIZE = 1024
    PR_TUNABLE_DEFAULT_RCVBUFSZ = 8192
    PR_TUNABLE_DEFAULT_SNDBUFSZ = 8192
    PR_TUNABLE_ENV_MAX = 2048
    PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
    PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
    PR_TUNABLE_HASH_TABLE_SIZE = 40
    PR_TUNABLE_LOGIN_MAX = 256
    PR_TUNABLE_NEW_POOL_SIZE = 512
    PR_TUNABLE_PATH_MAX = 4096
    PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
    PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
    PR_TUNABLE_SELECT_TIMEOUT = 30
    PR_TUNABLE_TIMEOUTIDENT = 10
    PR_TUNABLE_TIMEOUTIDLE = 600
    PR_TUNABLE_TIMEOUTLINGER = 10
    PR_TUNABLE_TIMEOUTLOGIN = 300
    PR_TUNABLE_TIMEOUTNOXFER = 300
    PR_TUNABLE_TIMEOUTSTALLED = 3600
    PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
@gjaekel
Copy link
Author

gjaekel commented Feb 9, 2021

A run via strace:

~ # strace -f ftptop 
execve("/usr/bin/ftptop", ["ftptop"], 0x7fff7cd9ab08 /* 29 vars */) = 0
brk(NULL)                               = 0x5571979ad000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=30142, ...}) = 0
mmap(NULL, 30142, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f02a2f27000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libncursesw.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \263\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=229720, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a2f25000
mmap(NULL, 2325560, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f02a2ad2000
mprotect(0x7f02a2b09000, 2093056, PROT_NONE) = 0
mmap(0x7f02a2d08000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x36000) = 0x7f02a2d08000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libtinfo.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\363\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=234128, ...}) = 0
mmap(NULL, 2330968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f02a2898000
mprotect(0x7f02a28cd000, 2093056, PROT_NONE) = 0
mmap(0x7f02a2acc000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x34000) = 0x7f02a2acc000
mmap(0x7f02a2ad1000, 344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f02a2ad1000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\6i\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=147752, ...}) = 0
mmap(NULL, 2217120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f02a267a000
mprotect(0x7f02a2693000, 2093056, PROT_NONE) = 0
mmap(0x7f02a2892000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18000) = 0x7f02a2892000
mmap(0x7f02a2894000, 13472, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f02a2894000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0l2\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1733320, ...}) = 0
mmap(NULL, 3839560, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f02a22d0000
mprotect(0x7f02a2471000, 2093056, PROT_NONE) = 0
mmap(0x7f02a2670000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a0000) = 0x7f02a2670000
mmap(0x7f02a2676000, 13896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f02a2676000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libtinfow.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\364\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=238288, ...}) = 0
mmap(NULL, 2335224, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f02a2095000
mprotect(0x7f02a20ca000, 2097152, PROT_NONE) = 0
mmap(0x7f02a22ca000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x35000) = 0x7f02a22ca000
mmap(0x7f02a22cf000, 504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f02a22cf000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f02a2f23000
arch_prctl(ARCH_SET_FS, 0x7f02a2f24040) = 0
mprotect(0x7f02a2670000, 16384, PROT_READ) = 0
mprotect(0x7f02a22ca000, 16384, PROT_READ) = 0
mprotect(0x7f02a2892000, 4096, PROT_READ) = 0
mprotect(0x7f02a2acc000, 16384, PROT_READ) = 0
mprotect(0x7f02a2d08000, 4096, PROT_READ) = 0
mprotect(0x5571979ab000, 4096, PROT_READ) = 0
mprotect(0x7f02a2f2f000, 4096, PROT_READ) = 0
munmap(0x7f02a2f27000, 30142)           = 0
set_tid_address(0x7f02a2f24310)         = 758
set_robust_list(0x7f02a2f24320, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f02a26803c4, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f02a268c280}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f02a268044e, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f02a268c280}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
stat("/run/proftpd/proftpd.scoreboard", {st_mode=S_IFREG|0644, st_size=32, ...}) = 0
stat("/run/proftpd/proftpd.scoreboard", {st_mode=S_IFREG|0644, st_size=32, ...}) = 0
rt_sigaction(SIGINT, {sa_handler=0x5571979a7b7a, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f02a2307090}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x5571979a7b7a, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f02a2307090}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
brk(NULL)                               = 0x5571979ad000
brk(0x5571979ce000)                     = 0x5571979ce000
openat(AT_FDCWD, "/usr/lib64/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=5834144, ...}) = 0
mmap(NULL, 5834144, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f02a1b04000
close(3)                                = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
stat("/root/.terminfo", 0x5571979aec00) = -1 ENOENT (No such file or directory)
stat("/etc/terminfo", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/usr/share/terminfo", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
access("/etc/terminfo/x/xterm-256color", R_OK) = 0
openat(AT_FDCWD, "/etc/terminfo/x/xterm-256color", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=3810, ...}) = 0
read(3, "\36\2%\0&\0\17\0\235\0010\6xterm-256color|xterm"..., 8192) = 3810
read(3, "", 8192)                       = 0
close(3)                                = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=91, ws_col=278, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=91, ws_col=278, ws_xpixel=0, ws_ypixel=0}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xc8} ---
+++ killed by SIGSEGV +++
Segmentation fault

@Castaglia
Copy link
Member

Hmm. Would you happen to know which particular Gentoo version? I'm hoping to find a Docker image for that Gentoo version, and package build/install instructions that you used, so that I can reproduce this segfault locally.

@Castaglia Castaglia self-assigned this Feb 9, 2021
@gjaekel
Copy link
Author

gjaekel commented Feb 9, 2021
edited

Gentoo is a rolling distribution, all binaries are generated by the corresponding upstream sources whenever you like. Therefore, there is no "Gentoo version" existing. Thus, this is build from "your" release V1.3.7a. I may send you either the ftptop binary, the resulting install package or whatever you need, if you like.

@Castaglia
Copy link
Member

Fair enough.

Assume I'm starting with a bare/base "stage3" Gento installation. What would be the series of commands I would need to run, to install all of the necessary tools, to then configure/build/install ProFTPD, to reproduce the ftptop segfault locally?

@gjaekel
Copy link
Author

gjaekel commented Mar 1, 2021
edited

On a "well-configured" stage3, an invoke of emerge -a proftpd should do the job, i.e. build and install ProFTPd and it's prerequisites as well. But I don't know what's actually to configure first on a current "stage3", because I don't started from the scratch for more than 10y.

Said that, to ease things for you I may also provide you

  • the binary of ftptop, or
  • the prebuild Gentoo binary package, build on my platform, or
  • a live hacking session where we may look, test and trace down what ever you want.

The emerge command is the high-level control of the build process. For the propose of source debugging one will probably prefer to ebuild, work on the build sandbox and even resign of rolling out the package image at the used Gentoo host.

@Castaglia
Copy link
Member

Castaglia commented Mar 14, 2021
edited

I'm hoping that the causes for this are not Gentoo-specific, thus why I'm trying to reproduce this locally on a different platform, if I can.

The main change in ftptop, between 1.3.6b and 1.3.7a, is the addition of batch mode, as seen by:

$ cd proftpd
$ git diff v1.3.6b..v1.3.7a -- utils/ftptop.c

So that's what I'm focusing my attention on.

For your setup, what does the following show?

$ cd proftpd-1.3.7a
$ grep CURSES config.h

I'm hoping to see which specific curses-related things were found by configure in your environment/build.

Another interesting comparison to see would be the strace output from the working 1.3.6b ftptop binary, to see where it differs from the non-working strace output.

@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021
edited

For your setup, what does the following show?
$ cd proftpd-1.3.7a
$ grep CURSES config.h

I'm sorry, no differences:

root@evalxfer0 /var/tmp/portage/net-ftp/proftpd-1.3.7a/work/proftpd-1.3.7a # grep CURSES config.h
#define HAVE_NCURSES_H 1
#define HAVE_CURSES_H 1
#define HAVE_LIBCURSES 1
/* #undef HAVE_LIBNCURSES */
#define HAVE_LIBNCURSESW 1
#define PR_USE_CURSES 1
/* #undef PR_USE_NCURSES */
#define PR_USE_NCURSESW 1   

root@prodxfer0 /var/tmp/portage/net-ftp/proftpd-1.3.6-r2/work/proftpd-1.3.6 # grep CURSES config.h
#define HAVE_NCURSES_H 1
#define HAVE_CURSES_H 1
#define HAVE_LIBCURSES 1
/* #undef HAVE_LIBNCURSES */
#define HAVE_LIBNCURSESW 1
#define PR_USE_CURSES 1
/* #undef PR_USE_NCURSES */
#define PR_USE_NCURSESW 1

I may provide you tarballs of the build sandboxes for both versions if you like (each about 20MB). Here you may compare the sources and act with the plain vanilla build commands, e.g. you may invoke make. To get the output above, I run the Gento ebuild process up to the configure step, i.e. all what is need before and up to the call of make configure. I may also send you the sandbox including the complete set of logs after the compile or install step. The later will also do a vanilla install within the sandbox tree. In Gentoo, in the next step this is either "packaged" then or direct rolled out and merged to the root filesystem.

@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021 

root@evalxfer0 ~ # strace -f ftptop
execve("/usr/bin/ftptop", ["ftptop"], 0x7ffdda296428 /* 29 vars */) = 0
brk(NULL)                               = 0x55b2c489a000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=30142, ...}) = 0
mmap(NULL, 30142, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb2ab538000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libncursesw.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \263\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=229720, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb2ab536000
mmap(NULL, 2325560, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb2ab0e3000
mprotect(0x7fb2ab11a000, 2093056, PROT_NONE) = 0
mmap(0x7fb2ab319000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x36000) = 0x7fb2ab319000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libtinfo.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\363\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=234128, ...}) = 0
mmap(NULL, 2330968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb2aaea9000
mprotect(0x7fb2aaede000, 2093056, PROT_NONE) = 0
mmap(0x7fb2ab0dd000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x34000) = 0x7fb2ab0dd000
mmap(0x7fb2ab0e2000, 344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb2ab0e2000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\6i\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=147752, ...}) = 0
mmap(NULL, 2217120, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb2aac8b000
mprotect(0x7fb2aaca4000, 2093056, PROT_NONE) = 0
mmap(0x7fb2aaea3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18000) = 0x7fb2aaea3000
mmap(0x7fb2aaea5000, 13472, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb2aaea5000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0l2\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1733320, ...}) = 0
mmap(NULL, 3839560, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb2aa8e1000
mprotect(0x7fb2aaa82000, 2093056, PROT_NONE) = 0
mmap(0x7fb2aac81000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a0000) = 0x7fb2aac81000
mmap(0x7fb2aac87000, 13896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb2aac87000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libtinfow.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\364\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=238288, ...}) = 0
mmap(NULL, 2335224, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fb2aa6a6000
mprotect(0x7fb2aa6db000, 2097152, PROT_NONE) = 0
mmap(0x7fb2aa8db000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x35000) = 0x7fb2aa8db000
mmap(0x7fb2aa8e0000, 504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb2aa8e0000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb2ab534000
arch_prctl(ARCH_SET_FS, 0x7fb2ab535040) = 0
mprotect(0x7fb2aac81000, 16384, PROT_READ) = 0
mprotect(0x7fb2aa8db000, 16384, PROT_READ) = 0
mprotect(0x7fb2aaea3000, 4096, PROT_READ) = 0
mprotect(0x7fb2ab0dd000, 16384, PROT_READ) = 0
mprotect(0x7fb2ab319000, 4096, PROT_READ) = 0
mprotect(0x55b2c4898000, 4096, PROT_READ) = 0
mprotect(0x7fb2ab540000, 4096, PROT_READ) = 0
munmap(0x7fb2ab538000, 30142)           = 0
set_tid_address(0x7fb2ab535310)         = 8818
set_robust_list(0x7fb2ab535320, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fb2aac913c4, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fb2aac9d280}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fb2aac9144e, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb2aac9d280}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
stat("/run/proftpd/proftpd.scoreboard", {st_mode=S_IFREG|0644, st_size=32, ...}) = 0
stat("/run/proftpd/proftpd.scoreboard", {st_mode=S_IFREG|0644, st_size=32, ...}) = 0
rt_sigaction(SIGINT, {sa_handler=0x55b2c4894b7a, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fb2aa918090}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x55b2c4894b7a, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fb2aa918090}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
brk(NULL)                               = 0x55b2c489a000
brk(0x55b2c48bb000)                     = 0x55b2c48bb000
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
stat("/root/.terminfo", 0x55b2c489aab0) = -1 ENOENT (No such file or directory)
stat("/etc/terminfo", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/usr/share/terminfo", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
access("/etc/terminfo/x/xterm-256color", R_OK) = 0
openat(AT_FDCWD, "/etc/terminfo/x/xterm-256color", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=3810, ...}) = 0
read(3, "\36\2%\0&\0\17\0\235\0010\6xterm-256color|xterm"..., 8192) = 3810
read(3, "", 8192)                       = 0
close(3)                                = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=76, ws_col=157, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=76, ws_col=157, ws_xpixel=0, ws_ypixel=0}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xc8} ---
+++ killed by SIGSEGV +++
Segmentation fault

The working, stopped immediate by q

root@prodxfer0 ~ # echo "q" | strace -f ftptop    
execve("/usr/bin/ftptop", ["ftptop"], 0x7ffdf16fc758 /* 27 vars */) = 0
brk(NULL)                               = 0x5602c1751000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=34230, ...}) = 0
mmap(NULL, 34230, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f658d50b000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libncursesw.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300|\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=440528, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f658d509000
mmap(NULL, 2538424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f658d083000
mprotect(0x7f658d0ea000, 2093056, PROT_NONE) = 0
mmap(0x7f658d2e9000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x66000) = 0x7f658d2e9000
close(3)                                = 0
openat(AT_FDCWD, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\263\33\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1816288, ...}) = 0
mmap(NULL, 3922440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f658ccc5000
mprotect(0x7f658ce7a000, 2093056, PROT_NONE) = 0
mmap(0x7f658d079000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b4000) = 0x7f658d079000
mmap(0x7f658d07f000, 14856, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f658d07f000
close(3)                                = 0
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f658d506000
arch_prctl(ARCH_SET_FS, 0x7f658d506740) = 0
mprotect(0x7f658d079000, 16384, PROT_READ) = 0
mprotect(0x7f658d2e9000, 16384, PROT_READ) = 0
mprotect(0x5602c174f000, 4096, PROT_READ) = 0
mprotect(0x7f658d514000, 4096, PROT_READ) = 0
munmap(0x7f658d50b000, 34230)           = 0
stat("/var/run/proftpd/proftpd.scoreboard", {st_mode=S_IFREG|0644, st_size=6032, ...}) = 0
stat("/var/run/proftpd/proftpd.scoreboard", {st_mode=S_IFREG|0644, st_size=6032, ...}) = 0
rt_sigaction(SIGINT, {sa_handler=0x5602c154d069, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f658ccfaba0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=0x5602c154d069, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f658ccfaba0}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
brk(NULL)                               = 0x5602c1751000
brk(0x5602c1772000)                     = 0x5602c1772000
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
stat("/root/.terminfo", 0x5602c1751a80) = -1 ENOENT (No such file or directory)
stat("/etc/terminfo", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/usr/share/terminfo", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
access("/etc/terminfo/x/xterm-256color", R_OK) = 0
openat(AT_FDCWD, "/etc/terminfo/x/xterm-256color", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=3713, ...}) = 0
read(3, "\36\2%\0&\0\17\0\235\1\2\6xterm-256color|xterm"..., 32768) = 3713
read(3, "", 24576)                      = 0
close(3)                                = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=76, ws_col=157, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=76, ws_col=157, ws_xpixel=0, ws_ypixel=0}) = 0
brk(0x5602c1793000)                     = 0x5602c1793000
brk(0x5602c17b4000)                     = 0x5602c17b4000
brk(0x5602c17d5000)                     = 0x5602c17d5000
brk(0x5602c17f7000)                     = 0x5602c17f7000
brk(0x5602c1818000)                     = 0x5602c1818000
brk(0x5602c1839000)                     = 0x5602c1839000
brk(0x5602c185a000)                     = 0x5602c185a000
ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0
                                                                               rt_sigaction(SIGTSTP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
  rt_sigaction(SIGTSTP, {sa_handler=0x7f658d0acda7, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f658ccfaba0}, NULL, 8) = 0
                                                                                                                                          rt_sigaction(SIGINT, NULL, {sa_handler=0x5602c154d069, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f658ccfaba0}, 8) = 0
                                                                                                                       rt_sigaction(SIGTERM, NULL, {sa_handler=0x5602c154d069, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f658ccfaba0}, 8) = 0
                                                                                                      rt_sigaction(SIGWINCH, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
                          rt_sigaction(SIGWINCH, {sa_handler=0x7f658d0accb0, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f658ccfaba0}, NULL, 8) = 0
                                                                                                                                                        ioctl(1, TCGETS, {B38400 opost isig -icanon -echo ...}) = 0
                                                      ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0
                                                                                                                                     write(1, "\33[?1049h\33[) = 25t\33[1;76r\33(B\33[m\33["..., 45
      ioctl(1, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0
exit_group(0)                           = ?
+++ exited with 0 +++

@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021
edited

I'm also able to provide you a core dump, now! (34k compressed)

root@evalxfer0 ~ # gdb-get-backtrace /usr/bin/ftptop proftpd-1.3.7a.core
[New LWP 21226]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `ftptop'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fa34193777e in termattrs_sp () from /lib64/libncursesw.so.6

Thread 1 (Thread 0x7fa341d6b040 (LWP 21226)):
#0  0x00007fa34193777e in termattrs_sp () from /lib64/libncursesw.so.6
No symbol table info available.
#1  0x00007fa341934d1b in _nc_setupscreen_sp () from /lib64/libncursesw.so.6
No symbol table info available.
#2  0x00007fa341930926 in newterm_sp () from /lib64/libncursesw.so.6
No symbol table info available.
#3  0x00007fa341930d89 in newterm () from /lib64/libncursesw.so.6
No symbol table info available.
#4  0x00007fa34192d036 in initscr () from /lib64/libncursesw.so.6
No symbol table info available.
#5  0x0000562f42f4d590 in main ()
No symbol table info available.

@Castaglia
Copy link
Member

That backtrace helps quite a bit, actually. What's odd about it is that it shows the segfault occurring when we call initscr() from ftptop. That initscr() function call hasn't changed between 1.3.6b and 1.3.7a, nor did we change any of the functions/setup process before we call it.

What does ldd /usr/bin/ftptop, for the working and non-working builds, show?

@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021
edited

Working 1.3.6b ...

root@prodxfer0 ~ # ldd /usr/bin/ftptop 
	linux-vdso.so.1 (0x00007ffe951e8000)
	libncursesw.so.6 => /lib64/libncursesw.so.6 (0x00007fb7a1f88000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fb7a1bca000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fb7a23fa000)

Non-working 1.3.7a

root@evalxfer0 ~ # ldd /usr/bin/ftptop 
	linux-vdso.so.1 (0x00007fff3a147000)
	libncursesw.so.6 => /lib64/libncursesw.so.6 (0x00007fd06736c000)
	libtinfo.so.6 => /lib64/libtinfo.so.6 (0x00007fd067132000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fd066f14000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fd066b6a000)
	libtinfow.so.6 => /lib64/libtinfow.so.6 (0x00007fd06692f000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fd0675a4000)

If you tell me an destination, I may upload the things offered above.

I may also insert any debug code you propose into the source if you like..

@Castaglia
Copy link
Member

No, based on some other findings, I think this is a Gentoo-specific issue with ncursesw-6, unfortunately. See:

The bug is that, when linking against libncursesw-6, the Gentoo linker links against both tinfo and tinfow -- and that's what's causing the segfault.

I may be able to address this, but, to help that, what does the following show?

$ cd proftpd/
$ grep TINFO config.h

Castaglia added a commit that referenced this issue Mar 14, 2021
@Castaglia
Issue #1174: Check for the libtinfow library when ncursesw is being u…
a33f565 
…sed.

On some systems, such as Gentoo, linking against libtinfo with libncursesw,
rather than libtinfow, leads to segfaults.
@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021

Since two minutes, I can confirm that's not direct from a code change related to utils/ftptop.c:

I ported back the old, withdrawn ebuild for 1.3.6 to the current Eval stage and let this version run up to the step you know as make compile: The builded ftptop also crash!

@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021

Old:

root@prodxfer0 /var/tmp/portage/net-ftp/proftpd-1.3.6-r2/work/proftpd-1.3.6 # grep TINFO config.h
/* #undef HAVE_LIBTINFO */

New:

root@evalxfer0 /var/tmp/portage/net-ftp/proftpd-1.3.7a/work/proftpd-1.3.7a # grep TINFO config.h
#define HAVE_LIBTINFO 1

@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021

Do you think something like https://github.com/jonas/tig/pull/585/files will fix it?

@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021

Oh! It's mentioned at https://bugs.gentoo.org/692954#c16 and before.

I confirm that the PoC to run by LD_PRELOAD='/lib/libtinfow.so.6.2' ftptop work!

@Castaglia
Copy link
Member

Could you see if #1198 also fixes this?

@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021
edited

There a lot of diffs between the 1.3.7a and the files of #1198. But building run through. And ftptop starts!

Did that mean that you see the issue in your domain or have it to be fixed at Gentoo side?

@Castaglia
Copy link
Member

It's one of those issues where it occurs on Gentoo because of how their libraries are set up; not every platform will see these same issues. But the solution does need to be in ProFTPD's build system; it needs to detect, and use, libtinfow (instead of libtinfo) when available.

Thanks for confirming the fix!

@Castaglia Castaglia changed the title ftptop: segfault occurs ftptop segfaults when using libncursesw on Gentoo Mar 14, 2021
@Castaglia Castaglia added this to the 1.3.8 milestone Mar 14, 2021
Castaglia added a commit that referenced this issue Mar 14, 2021
@Castaglia
Issue #1174: Check for the libtinfow library when ncursesw is being u…
ff41372 
…sed.

On some systems, such as Gentoo, linking against libtinfo with libncursesw,
rather than libtinfow, leads to segfaults.
Castaglia added a commit that referenced this issue Mar 14, 2021
@Castaglia
Updated NEWS for backport of fix for Issue #1174 to the 1.3.7 branch.
965cf9a
Castaglia added a commit that referenced this issue Mar 14, 2021
@Castaglia
Merge pull request #1198 from proftpd/ftptop-ncursesw-tinfow-issue1174
283d48b 
Issue #1174: Check for the libtinfow library when ncursesw is being u…
Castaglia added a commit that referenced this issue Mar 14, 2021
@Castaglia
Updated NEWS for fix for Issue #1174.
5fa01bc
@Castaglia
Copy link
Member

Fix merged to master, and backported to the 1.3.7 branch. Thanks!

@gjaekel
Copy link
Author

gjaekel commented Mar 14, 2021

Thank you for your continuation and the time you spend in the analysis!

I may rise an Issue and Pull Request for a so called "bumped" ebuild at the Gentoo Portage Git right after you release the backport (as 1.3.7b?). Please give me a notice.

For your reference: ProFTPd the is run at German National Library as a frontend for two B2B services. At a first vhost, the german publishers deliver their electronic publications. At a second, we offer library catalogue and other business data to other German subordinated libraries.

@thesamesam
Copy link
Contributor

@gjaekel I reported this downstream and we've backported it. Big thanks to both you and @Castaglia!

@gjaekel
Copy link
Author

gjaekel commented Mar 21, 2021

@thesamesam Thank you for jumping in! I was to busy at work last days to file it at Gentoo.

@Castaglia Castaglia mentioned this issue Mar 23, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Castaglia Castaglia

Labels
backport bug
Projects
None yet
Milestone
1.3.8
Development

No branches or pull requests
3 participants
@Castaglia @thesamesam @gjaekel