Segfault when resizing the terminal in VV after we come from VV -> v -> g

[fcasal]

Work environment

Questions	Answers
OS/arch/bits	16.04.1 Ubuntu x86_64
File format of the file you reverse	ELF
Architecture/bits of the file	x86/64
r2 -v	radare2 2.4.0-git 17311 @ linux-x86-64 git.2.2.0-444-g8c683ea commit: 8c683ea build: 2018-02-12__15:10:42
r2 -V	https://gist.github.com/fcasal/75b79f13ad691d3145cdd7b8b1c4b73a

TLDR

There is a segfault when resizing the terminal in VV after we come from VV -> v -> g.

Steps to reproduce the behaviour

mandlebro@machine:$ r2 /bin/ls -c 'af;VV'
             > v
             > g
              [resize terminal]
Segmentation fault (core dumped)

The offending line is 3115 of graph.c:

3113		if (g->is_instep && core->io->debug) {
3114			// seek only when the graph node changes
3115			const char *pc = r_reg_get_name (core->dbg->reg, R_REG_NAME_PC);
3116			RRegItem *r = r_reg_get (core->dbg->reg, pc, -1);

where core->dbg is NULL. Is checking the null of core->dbg in the if ok? Or should we not be in this if since we are not even debugging?

Backtrace:

#0  0x00007f26306bf469 in agraph_refresh (grd=0x55bd66122540 <r>) at graph.c:3115
#1  0x00007f262ff3456b in resize (sig=28) at cons.c:279
#2  <signal handler called>
#3  0x00007f262c5ef4fe in __read_nocancel () at ../sysdeps/unix/syscall-template.S:84
#4  0x00007f262ff40237 in r_cons_readchar () at input.c:482
#5  0x00007f26306c1405 in r_core_visual_graph (core=0x55bd66122540 <r>, g=0x55bd66ffc190, _fcn=0x0, is_interactive=1) at graph.c:3661
#6  0x00007f26306ad4d5 in r_core_visual_cmd (core=0x55bd66122540 <r>, arg=0x7ffd37aa3fd0 "V") at visual.c:2012
#7  0x00007f26306b1358 in r_core_visual (core=0x55bd66122540 <r>, input=0x55bd66e28d51 "") at visual.c:3063
#8  0x00007f263068f7a4 in cmd_visual (data=0x55bd66122540 <r>, input=0x55bd66e28d51 "") at cmd.c:1139
#9  0x00007f26306daf3c in r_cmd_call (cmd=0x55bd66d91b30, input=0x55bd66e28d50 "V") at cmd_api.c:233
#10 0x00007f263069387e in r_core_cmd_subst_i (core=0x55bd66122540 <r>, cmd=0x55bd66e28d50 "V", colon=0x0) at cmd.c:2493
#11 0x00007f263069099b in r_core_cmd_subst (core=0x55bd66122540 <r>, cmd=0x55bd66e28d50 "V") at cmd.c:1620
#12 0x00007f2630695dbc in r_core_cmd (core=0x55bd66122540 <r>, cstr=0x55bd66fee7b0 "V", log=1) at cmd.c:3142
#13 0x00007f2630609342 in r_core_prompt_exec (r=0x55bd66122540 <r>) at core.c:2102
#14 0x000055bd65f1f20f in main (argc=2, argv=0x7ffd37aa4868, envp=0x7ffd37aa4880) at radare2.c:1330
#15 0x00007f262c235830 in __libc_start_main (main=0x55bd65f1bdb6 <main>, argc=2, argv=0x7ffd37aa4868, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd37aa4858) at ../csu/libc-start.c:291
#16 0x000055bd65f1b0f9 in _start ()

[radare]

i can reproduce, fixing

…

On 12 Feb 2018, at 10:26, fcasal ***@***.***> wrote: Work environment Questions Answers OS/arch/bits 16.04.1 Ubuntu x86_64 File format of the file you reverse ELF Architecture/bits of the file x86/64 r2 -v radare2 2.4.0-git 17311 @ linux-x86-64 git.2.2.0-444-g8c683ea commit: 8c683ea <8c683ea> build: 2018-02-12__15:10:42 r2 -V https://gist.github.com/fcasal/75b79f13ad691d3145cdd7b8b1c4b73a <https://gist.github.com/fcasal/75b79f13ad691d3145cdd7b8b1c4b73a> TLDR There is a segfault when resizing the terminal in VV after we come from VV -> v -> g. Steps to reproduce the behaviour ***@***.***:$ r2 /bin/ls -c 'af;VV' > v > g [resize terminal] Segmentation fault (core dumped) The offending line is 3115 of graph.c: 3113 if (g->is_instep && core->io->debug) { 3114 // seek only when the graph node changes 3115 const char *pc = r_reg_get_name (core->dbg->reg, R_REG_NAME_PC); 3116 RRegItem *r = r_reg_get (core->dbg->reg, pc, -1); where core->dbg is NULL. Is checking the null of core->dbg in the if ok? Or should we not be in this if since we are not even debugging? Backtrace: #0 0x00007f26306bf469 in agraph_refresh (grd=0x55bd66122540 <r>) at graph.c:3115 #1 0x00007f262ff3456b in resize (sig=28) at cons.c:279 #2 <signal handler called> #3 0x00007f262c5ef4fe in __read_nocancel () at ../sysdeps/unix/syscall-template.S:84 #4 0x00007f262ff40237 in r_cons_readchar () at input.c:482 #5 0x00007f26306c1405 in r_core_visual_graph (core=0x55bd66122540 <r>, g=0x55bd66ffc190, _fcn=0x0, is_interactive=1) at graph.c:3661 #6 0x00007f26306ad4d5 in r_core_visual_cmd (core=0x55bd66122540 <r>, arg=0x7ffd37aa3fd0 "V") at visual.c:2012 #7 0x00007f26306b1358 in r_core_visual (core=0x55bd66122540 <r>, input=0x55bd66e28d51 "") at visual.c:3063 #8 0x00007f263068f7a4 in cmd_visual (data=0x55bd66122540 <r>, input=0x55bd66e28d51 "") at cmd.c:1139 #9 0x00007f26306daf3c in r_cmd_call (cmd=0x55bd66d91b30, input=0x55bd66e28d50 "V") at cmd_api.c:233 #10 0x00007f263069387e in r_core_cmd_subst_i (core=0x55bd66122540 <r>, cmd=0x55bd66e28d50 "V", colon=0x0) at cmd.c:2493 #11 0x00007f263069099b in r_core_cmd_subst (core=0x55bd66122540 <r>, cmd=0x55bd66e28d50 "V") at cmd.c:1620 #12 0x00007f2630695dbc in r_core_cmd (core=0x55bd66122540 <r>, cstr=0x55bd66fee7b0 "V", log=1) at cmd.c:3142 #13 0x00007f2630609342 in r_core_prompt_exec (r=0x55bd66122540 <r>) at core.c:2102 #14 0x000055bd65f1f20f in main (argc=2, argv=0x7ffd37aa4868, envp=0x7ffd37aa4880) at radare2.c:1330 #15 0x00007f262c235830 in __libc_start_main (main=0x55bd65f1bdb6 <main>, argc=2, argv=0x7ffd37aa4868, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd37aa4858) at ../csu/libc-start.c:291 #16 0x000055bd65f1b0f9 in _start () — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#9381>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AA3-luOF2dL5BKERAI0UZEnVE-pSOxcyks5tUGY6gaJpZM4SCcPf>.

[sivaramaaa]

It's been fixed with this commit a2a19b4