[Bug 715578] New: memory corruption in make tool
https://bugzilla.novell.com/show_bug.cgi?id=715578

https://bugzilla.novell.com/show_bug.cgi?id=715578#c0

Summary: memory corruption in make tool
Classification: openSUSE
Product: openSUSE 11.4
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Development
AssignedTo: pth@suse.com
ReportedBy: mareksk7@gmail.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

Created an attachment (id=448941)
 --> (http://bugzilla.novell.com/attachment.cgi?id=448941)
Console traces and callstack

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0

While building the rowboat repository I got a crash of the make tool. After investigation I have found that the problem is related to an unexpected string format passed to the function func_sort() (function.c). At the first stage this function parses the passed character string using the isspace() function in order to count the number of tokens.

    wordi = 1;
    while (*t != '\0')
      {
        char c = *(t++);

        if (! isspace ((unsigned char)c))
          continue;

        ++wordi;

        while (isspace ((unsigned char)*t))
          ++t;
      }

Then an array 'words' is allocated, which will be sorted.

    words = xmalloc (wordi * sizeof (char *));

Then the same string is parsed using another function, find_next_token(), pointers to the tokens are stored in the previously allocated array, etc. The find_next_token() function uses another method to split a string into tokens, i.e. isblank().

    char *
    next_token (const char *s)
    {
      while (isblank ((unsigned char)*s))
        ++s;
      return (char *)s;
    }

    char *
    find_next_token (const char **ptr, unsigned int *lengthptr)
    {
      const char *p = next_token (*ptr);

      if (*p == '\0')
        return 0;

      *ptr = end_of_token (p);
      if (lengthptr != 0)
        *lengthptr = *ptr - p;
      return (char *)p;
    }

In case the character string contains any space character different from the 'space' or 'tab' character, we may have a different number of tokens at each step:
- used for allocating the array
- stored in the array

In my case the string passed to func_sort() contains *new-line* characters, which cause the number of tokens used for the allocation to be lower than the number of tokens stored in the array. I don't know yet how this string has been produced.

The modification below fixes my case, but I am afraid that there may be more similar cases.

--- misc.c.org 2010-07-19 09:10:54.000000000 +0200 +++ misc.c 2011-09-01 22:30:03.390673884 +0200 @@ -508,7 +508,7 @@ char * next_token (const char *s) { - while (isblank ((unsigned char)*s)) + while (isspace ((unsigned char)*s)) ++s; return (char *)s; }

Reproducible: Always

Steps to Reproduce:
1. Pull rowboat repository
2. Issue command 'make TARGET_PRODUCT=beagleboard'
3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
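
Review bot: the switch from isblank to isspace in next_token (misc.c) changes whitespace skipping for every caller of next_token and find_next_token, not only func_sort, while end_of_token is not touched by this patch, so confirm that tokens still end on the same character class that is now skipped at their start. A narrower fix is to leave misc.c alone and make the counting loop in func_sort agree with the tokenizer, or to size 'words' from the tokens find_next_token actually returns.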

https://bugzilla.novell.com/show_bug.cgi?id=715578

https://bugzilla.novell.com/show_bug.cgi?id=715578#c1

--- Comment #1 from Mook - <mook.mozcom.novell@gmail.com> 2011-11-19 05:55:59 UTC ---

The patch described in comment #0 causes a unit test to fail (tests/scripts/variables/define) due to the construction:

    define append +=
    @echo b
    endef

Doing the opposite, i.e. using isblank in func_sort, does not cause this failure (and indeed all the other tests pass too). I do not know if it doesn't cause a different bug (that isn't covered by a test), though.
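
The count mismatch described in comment #0 (and the reason matching the two predicates, as discussed in comment #1, removes it), as an added example that is not part of the bug report or of make's source. The function names and sample strings are constructed here, and the rule that a token ends at the next blank is an assumption, since end_of_token() is not shown in the report.

```c
#include <ctype.h>
#include <stdio.h>

/* Word count as in the first loop of func_sort() quoted in the report:
   every run of isspace() characters separates two words. */
static unsigned count_isspace_words(const char *t)
{
    unsigned wordi = 1;
    while (*t != '\0') {
        char c = *(t++);
        if (!isspace((unsigned char)c))
            continue;
        ++wordi;
        while (isspace((unsigned char)*t))
            ++t;
    }
    return wordi;
}

/* Tokens produced by an isblank()-based splitter. Assumption: a token
   ends at the next blank or NUL (end_of_token() is not in the report). */
static unsigned count_isblank_tokens(const char *s)
{
    unsigned n = 0;
    for (;;) {
        while (isblank((unsigned char)*s))
            ++s;
        if (*s == '\0')
            return n;
        ++n;
        while (*s != '\0' && !isblank((unsigned char)*s))
            ++s;
    }
}

/* Pointer slots that would land past an array sized by the first count. */
static unsigned slots_overrun(const char *s)
{
    unsigned alloc = count_isspace_words(s);
    unsigned stored = count_isblank_tokens(s);
    return stored > alloc ? stored - alloc : 0;
}

int main(void)
{
    /* Constructed inputs, not the string from the rowboat build. */
    const char *samples[] = { "b a c", "a \n b", "a\nb c" };
    for (unsigned i = 0; i < 3; ++i)
        printf("alloc=%u stored=%u overrun=%u\n", count_isspace_words(samples[i]),
               count_isblank_tokens(samples[i]), slots_overrun(samples[i]));
    return 0;
}
```

A newline that stands alone between blanks is swallowed by the isspace() count but returned as its own token by the isblank() splitter, which is the case where more pointers are stored than were allocated.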