lib/54085: curses crash with non-ascii on bottom line

[dholland%eecs.harvard.edu@localhost]

>Number:         54085
>Category:       lib
>Synopsis:       curses crash with non-ascii on bottom line
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar 27 23:15:00 +0000 2019
>Originator:     David Holland
>Release:        NetBSD 8.99.36 (20190325)
>Organization:
>Environment:
System: NetBSD macaran 8.99.36 NetBSD 8.99.36 (MACARAN) #52: Mon Mar 25 18:43:37 EDT 2019 dholland@macaran:/usr/src/sys/arch/amd64/compile/MACARAN amd64
Architecture: x86_64
Machine: amd64
>Description:

The following program segfaults in curses. The crash occurs here:

Thread 2 received signal SIGSEGV, Segmentation fault.
0x00007d0062c1adbd in ?? () from /usr/lib/libcurses.so.7
(gdb) where
#0  0x00007d0062c1adbd in ?? () from /usr/lib/libcurses.so.7
#1  0x00007d0062c1c63e in doupdate () from /usr/lib/libcurses.so.7
#2  0x00007d0062c1de6d in wrefresh () from /usr/lib/libcurses.so.7
#3  0x0000000000400ccb in main () at curse.c:13
(gdb) x/i 0x00007d0062c1adbd
=> 0x7d0062c1adbd:      mov    (%rdx),%ecx
(gdb) 

and "info registers" shows that %rdx contains 0xa5a5a5a5a5a5a5a5.

This is with the new jemalloc, which might or might not actually be
related.

>How-To-Repeat:

   ------ snip ------
#include <string.h>
#include <unistd.h>
#include <curses.h>

int main(void) {
   initscr();
   cbreak();
   noecho();
   nl();
   clear();
   move(LINES-1, 0); /* must be on last line */
   addch(0x10); /* control characters or from 0x7f through 0xff */
   refresh();
   sleep(1);
   endwin();
   return 0;
}
   ------ snip ------

>Fix:

dunno.