http://bugzilla.opensuse.org/show_bug.cgi?id=1109949 Bug ID: 1109949 Summary: foma segfault Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: i586 OS: openSUSE Factory Status: NEW Severity: Critical Priority: P5 - None Component: Other Assignee: tchvatal@suse.com Reporter: bwiedemann@suse.com QA Contact: qa-bugs@suse.de CC: sbrabec@suse.com Blocks: 1109534 Found By: Development Blocker: --- While working on reproducible builds for openSUSE, I found that the malaga-suomi noarch package differs between i586 and x86_64. This turned out to be because on i586, the call foma -f vvfst/main.foma segfaults. Here is a log-diff: Determinizing... Minimizing... Done! 7.4 MB. 426835 states, 487127 arcs, Cyclic. - defined Lexicon: 7.4 MB. 426835 states, 487127 arcs, Cyclic. - defined ItoE: 517 bytes. 3 states, 10 arcs, Cyclic. - defined Lengthening: 1.9 kB. 9 states, 90 arcs, Cyclic. - defined HV: 2.5 kB. 17 states, 125 arcs, Cyclic. - variable flag-is-epsilon = ON - 7.5 MB. 428390 states, 489583 arcs, Cyclic. - 7.5 MB. 428390 states, 489583 arcs, Cyclic. - defined Lexicon2: 7.5 MB. 428390 states, 489583 arcs, Cyclic. - 7.5 MB. 428383 states, 489496 arcs, Cyclic. - 7.5 MB. 428383 states, 489496 arcs, Cyclic. - Writing AT&T file: vvfst/all.att + defined Lexicon: 7.4 MB. free(): invalid pointer ! grep ']]' vvfst/all.att and the malaga-suomi Makefile fails to notice this failure. Steps to Reproduce: osc co openSUSE:Factory/malaga-suomi && cd $_ osc build --noservice -x valgrind -x foma-debuginfo standard i586 osc chroot standard i586 cd /home/abuild/rpmbuild/BUILD/voikko-fi-2.1/ && valgrind foma -f vvfst/main.foma defined Lexicon: 7.4 MB. 426835 states, 487127 arcs, Cyclic. ==27888== Invalid write of size 1 ==27888== at 0x412326B: _IO_default_xsputn (in /lib/libc-2.27.so) ==27888== by 0x41163DD: _IO_padn (in /lib/libc-2.27.so) ==27888== by 0x40F8FC1: vfprintf (in /lib/libc-2.27.so) ==27888== by 0x41A2755: __vsprintf_chk (in /lib/libc-2.27.so) ==27888== by 0x41A267F: __sprintf_chk (in /lib/libc-2.27.so) ==27888== by 0x805C728: UnknownInlinedFun (stdio2.h:33) ==27888== by 0x805C728: fsm_rewrite (rewrite.c:108) ==27888== by 0x807D0BE: yyparse (regex.y:263) ==27888== by 0x80764DB: my_yyparse (regex.l:130) ==27888== by 0x80518D8: interfacelex (interface.l:355) ==27888== by 0x8056324: my_interfaceparse (interface.l:108) ==27888== by 0x8049509: main (foma.c:117) ==27888== Address 0x767f784 is 0 bytes after a block of size 4 alloc'd ==27888== by 0x8073207: xxmalloc (mem.c:77) ==27888== by 0x805C6EF: fsm_rewrite (rewrite.c:106) ==27888== by 0x807D0BE: yyparse (regex.y:263) ==27888== by 0x80764DB: my_yyparse (regex.l:130) ==27888== by 0x80518D8: interfacelex (interface.l:355) ==27888== by 0x8056324: my_interfaceparse (interface.l:108) ==27888== by 0x8049509: main (foma.c:117) I think the bad code is around foma/rewrite.c:106 rb->namestrings = xxmalloc(sizeof rb->namestrings * num_rules); for (i = 0; i < rb->num_rules; i++) { sprintf(rb->namestrings[i], "@#%04i@", i+1); } -- You are receiving this mail because: You are on the CC list for the bug.