CC'ing ncurses maintainer, it looks like the library might be at fault here.
On 2018-05-15 03:05 +0900, nozzy123no...@gmail.com wrote:
> Package: f-irc
> Version: 1.36-1+b3
> Severity: serious
>
> Dear Maintainer,
>
> This version of f-irc always gets SEGV when the TERM environment
> variable is set to xterm-256color, which is the default under gnome-terminal.
>
> However, when I set TERM to xterm, vt100 or kterm, f-irc seems to work
> well.
>
> Has anyone fixed this problem?

No fix, but at least a backtrace in gdb:

,----
| Program received signal SIGSEGV, Segmentation fault.
| _nc_pair_content (sp=0x5659daf0, pair=7353, f=0xffffd1a4, b=0xffffd1a8) at ../../ncurses/base/lib_color.c:942
| 942         int bg = BACK_OF(sp->_color_pairs[pair]);
| (gdb) bt full
| #0  _nc_pair_content (sp=0x5659daf0, pair=7353, f=0xffffd1a4, b=0xffffd1a8) at ../../ncurses/base/lib_color.c:942
|         fg = <error reading variable fg (Cannot access memory at address 0x56643004)>
|         bg = <optimized out>
|         result = 1449406468
| #1  0xf7f713de in pair_content_sp (sp=0x5659daf0, pair=7353, f=0xffffd216, b=0xffffd218)
|     at ../../ncurses/base/lib_color.c:972
|         my_f = 0
|         my_b = 0
|         rc = <optimized out>
| #2  0xf7f7147a in pair_content (pair=7353, f=0xffffd216, b=0xffffd218) at ../../ncurses/base/lib_color.c:984
| No locals.
| #3  0x5657b88b in init_nick_colorpairs () at nickcolor.c:90
|         pair = 7353
|         cr = 680
|         cg = 0
|         cb = 680
|         loop = 5
|         fg = 0
|         bg = 0
|         fg_r = 255
|         fg_g = 255
|         fg_b = 255
|         bg_r = 0
|         bg_g = 0
|         bg_b = 0
| #4  0x5655d7b3 in main (argc=1, argv=0xffffd394) at main.c:670
|         config_loaded = -1
`----

To investigate the issue more closely, I set a breakpoint on pair_content
and used the "cont" command with some increments until I got to the
critical value of pair=7353. Then I single-stepped through the code:

,----
| Breakpoint 1, pair_content (pair=7353, f=0xffffd216, b=0xffffd218) at ../../ncurses/base/lib_color.c:983
| 983     {
| (gdb) step
| 984         return NCURSES_SP_NAME(pair_content) (CURRENT_SCREEN, pair, f, b);
| (gdb) step
| pair_content_sp (sp=0x5659daf0, pair=7353, f=0xffffd216, b=0xffffd218) at ../../ncurses/base/lib_color.c:970
| 970     {
| (gdb) step
| 972         int rc = _nc_pair_content(SP_PARM, pair, &my_f, &my_b);
| (gdb) step
| 970     {
| (gdb) step
| 972         int rc = _nc_pair_content(SP_PARM, pair, &my_f, &my_b);
| (gdb) step
| _nc_pair_content (sp=0x5659daf0, pair=7353, f=0xffffd1a4, b=0xffffd1a8) at ../../ncurses/base/lib_color.c:929
| 929     {
| (gdb) step
| 938         if (!ValidPair(sp, pair)) {
| (gdb) step
| 941         int fg = FORE_OF(sp->_color_pairs[pair]);
| (gdb) step
| 951         if (f)
| (gdb) step
| 941         int fg = FORE_OF(sp->_color_pairs[pair]);
| (gdb) step
| 942         int bg = BACK_OF(sp->_color_pairs[pair]);
| (gdb) step
|
| Program received signal SIGSEGV, Segmentation fault.
| _nc_pair_content (sp=0x5659daf0, pair=7353, f=0xffffd1a4, b=0xffffd1a8) at ../../ncurses/base/lib_color.c:942
| 942         int bg = BACK_OF(sp->_color_pairs[pair]);
`----

What is sp->_color_pairs[pair]? It is not accessible:

,----
| (gdb) print sp->_color_pairs[pair]
| Cannot access memory at address 0x56643004
| (gdb) print sp->_color_pairs[pair-1]
| Cannot access memory at address 0x56643000
| (gdb) print sp->_color_pairs[pair-2]
| $1 = {fg = 0, bg = 0, mode = 0, prev = 0, next = 0}
`----

So it seems that the ncurses library did not allocate enough memory to
hold all the color pairs in sp->_color_pairs, resulting in the eventual
heap buffer overflow.

That's how far I have tracked the issue, hopefully Thomas Dickey can
investigate it further and even provide a fix.

Cheers,
Sven
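The pattern the backtrace above exposes, a validity check that passes for pair=7353 while the heap table behind it ends at about pair-2, is worth seeing in isolation. The following C program is an added illustration written for this thread, not ncurses' code and not f-irc's: the struct names, the fixed initial allocation of 256 entries and the advertised limit of 32767 are assumptions chosen to mirror the situation in the report. It contrasts a bounds check made against an advertised maximum (which can exceed the allocation) with one made against the allocation itself, and shows a table that grows on demand so the two can never drift apart.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a screen's colour-pair table (assumption: not
 * ncurses' real SCREEN layout). */
typedef struct {
    int fg;
    int bg;
} colorpair_t;

typedef struct {
    colorpair_t *pairs;   /* heap-allocated table */
    int allocated;        /* entries the heap block actually holds */
    int max_pairs;        /* advertised limit, like COLOR_PAIRS from terminfo */
} screen_t;

#define PAIR_ERR (-1)
#define PAIR_OK  0

int screen_init(screen_t *sp, int allocated, int max_pairs)
{
    sp->pairs = calloc((size_t)allocated, sizeof(colorpair_t));
    if (sp->pairs == NULL)
        return PAIR_ERR;
    sp->allocated = allocated;
    sp->max_pairs = max_pairs;
    return PAIR_OK;
}

void screen_free(screen_t *sp)
{
    free(sp->pairs);
    sp->pairs = NULL;
    sp->allocated = 0;
}

/* Weak check: bounds the index by the advertised maximum only. When the
 * table was allocated smaller than max_pairs, an "in-range" index still
 * reads past the end of the heap block. */
int valid_pair_advertised(const screen_t *sp, int pair)
{
    return pair >= 0 && pair < sp->max_pairs;
}

/* Robust check: bounds the index by what was actually allocated. */
int valid_pair_allocated(const screen_t *sp, int pair)
{
    return sp->pairs != NULL && pair >= 0 && pair < sp->allocated;
}

/* Read a pair's colours, returning PAIR_ERR instead of reading out of bounds. */
int pair_content_checked(const screen_t *sp, int pair, int *f, int *b)
{
    if (!valid_pair_allocated(sp, pair))
        return PAIR_ERR;
    if (f) *f = sp->pairs[pair].fg;
    if (b) *b = sp->pairs[pair].bg;
    return PAIR_OK;
}

/* Grow the table so the allocation keeps up with the indices a caller
 * uses, capped at the advertised limit. Newly added entries are zeroed. */
int init_pair_checked(screen_t *sp, int pair, int fg, int bg)
{
    if (!valid_pair_advertised(sp, pair))
        return PAIR_ERR;
    if (pair >= sp->allocated) {
        int want = sp->allocated ? sp->allocated : 16;
        while (want <= pair)
            want *= 2;
        if (want > sp->max_pairs)
            want = sp->max_pairs;
        colorpair_t *np = realloc(sp->pairs, (size_t)want * sizeof(colorpair_t));
        if (np == NULL)
            return PAIR_ERR;
        memset(np + sp->allocated, 0,
               (size_t)(want - sp->allocated) * sizeof(colorpair_t));
        sp->pairs = np;
        sp->allocated = want;
    }
    sp->pairs[pair].fg = fg;
    sp->pairs[pair].bg = bg;
    return PAIR_OK;
}

int main(void)
{
    screen_t sp;
    int f = -1, b = -1;
    if (screen_init(&sp, 256, 32767) != PAIR_OK)
        return 1;
    printf("advertised check for 7353: %d, allocated check: %d\n",
           valid_pair_advertised(&sp, 7353), valid_pair_allocated(&sp, 7353));
    printf("read before growth: %d\n", pair_content_checked(&sp, 7353, &f, &b));
    init_pair_checked(&sp, 7353, 5, 0);
    printf("read after growth: %d (fg=%d bg=%d, allocated=%d)\n",
           pair_content_checked(&sp, 7353, &f, &b), f, b, sp.allocated);
    screen_free(&sp);
    return 0;
}
```

With the constructed sizes, the advertised check accepts pair 7353 while the allocated check rejects it, which is exactly the gap the SIGSEGV fell into; after init_pair_checked the table has grown to cover the index and the read succeeds.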