On 2017/06/03 17:59, Bryan Linton wrote:
> On 2017-06-03 09:23:18, Stuart Henderson <s...@spacehopper.org> wrote:
> > On 2017/06/03 15:50, Bryan Linton wrote:
> > > 
> > > Ping?  No users of ispell here?
> > > 
> > 
> > It works here, can you build with symbols (make clean && make repackage
> > DEBUG=-g) and get a backtrace?
> > 
> 
> Sure, here it is, along with some more information that may be relevant.
> 
> % ispell
> ispell(84800) in free(): bogus pointer (double free?) 0x687361
> zsh: abort (core dumped)  ispell

> #2  0x000019945ba50566 in wrterror (d=0x7f7ffffea720, 
>     msg=0x19945bb82168 "bogus pointer (double free?) %p")
>     at /usr/src/lib/libc/stdlib/malloc.c:306
> #3  0x000019945ba51c8d in ofree (argpool=0x19946bab8c60, p=0x687361, clear=0,
>     check=0, argsz=0) at /usr/src/lib/libc/stdlib/malloc.c:1411
> #4  0x000019945ba51f03 in free (ptr=0x687361)
>     at /usr/src/lib/libc/stdlib/malloc.c:1444
> #5  0x00001991e3c07711 in init_keyword_table (rawtags=Variable "rawtags" is 
> not available.
> ) at defmt.c:1316
> #6  0x00001991e3c01a66 in main (argc=0, argv=0x7f7ffffebb30) at ispell.c:889

0x687361 (keywordbuf) seems unlikely to be a correct address and the
fact that it's a representation of ascii chars "ash" seems like it could
be more than a coincidence.

I don't see the code setting keywordbuf to anything odd.

I don't know if it's related, but one thing which does stick out is that
this is happening just after a qsort() and the implementation of this
was changed recently in libc (17-30 May). CC'ing millert just in case.

 1308     qsort ((char *) keywords->kwlist, keywords->numkw,
 1309       sizeof keywords->kwlist[0],
 1310       (int (*) P ((const void *, const void *))) tagcmp);
 1311 
 1312     if (keywords->maxlen > maxkeywordlen)
 1313         {
 1314         maxkeywordlen = keywords->maxlen;
 1315         if (keywordbuf != NULL)
>1316             free (keywordbuf);
 1317         keywordbuf = (unsigned char *)
 1318           malloc ((maxkeywordlen + 1) * sizeof keywordbuf[0]);
 1319         if (keywordbuf == NULL)
 1320             {
 1321             fprintf (stderr, DEFMT_C_NO_SPACE);
 1322             exit(1);
 1323             }
 1324         }
 1325     return 0;
 1326     }

It would be really nice to be able to replicate this, let's try to
figure out what's different about your setup.

Do you have any .ispell* files?

Do you have any of the other dictionary packages (ispell-dutch,
ispell-french, etc) installed?

Does it happen with a clean environment ("env -i ispell") as well?
If not, what's in your usual environment?
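The "0x687361 looks like the ASCII bytes of `ash`" observation above is the kind of triage step that is worth making mechanical: when free() or a backtrace reports a pointer value that is too small or too "round" to be a heap address, decoding its little-endian bytes quickly tells you whether the pointer was overwritten with text (a typical symptom of a string being written past the end of an adjacent buffer). The helper below is an added example for this list post, not code from ispell or from the thread's participants; the address values it decodes are taken from the backtrace quoted above.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Decode a pointer value as the little-endian byte string it would be if
 * the "pointer" had actually been overwritten with text.  Bytes are taken
 * from the low end until the remaining value is zero, so 0x687361 yields
 * 'a' 's' 'h'.  Unprintable bytes are shown as '.'.
 *
 * Returns the number of bytes written to out (excluding the terminator)
 * and sets *all_printable to 1 when every decoded byte is printable ASCII,
 * which is the signal that the value is probably text, not an address.
 */
size_t ptr_as_ascii(uintptr_t p, char *out, size_t outlen, int *all_printable)
{
    size_t n = 0;

    *all_printable = 1;
    while (p != 0 && n + 1 < outlen) {
        unsigned char b = (unsigned char)(p & 0xff);

        if (isprint(b)) {
            out[n++] = (char)b;
        } else {
            out[n++] = '.';
            *all_printable = 0;
        }
        p >>= 8;
    }
    out[n] = '\0';
    return n;
}

/*
 * Convenience wrapper for crash triage: returns 1 when the value decodes
 * entirely to printable text of at least min_len bytes.  A genuine heap
 * pointer almost always contains a 0x7f/0xff-style high byte or a DEL
 * byte and therefore fails this test.
 */
int looks_like_text(uintptr_t p, size_t min_len)
{
    char buf[sizeof(uintptr_t) + 1];
    int printable;
    size_t n = ptr_as_ascii(p, buf, sizeof buf, &printable);

    return printable && n >= min_len;
}

int main(void)
{
    /* Values quoted from the backtrace in the thread above. */
    uintptr_t freed = 0x687361;          /* argument to free() in frame #4 */
    uintptr_t frame = 0x7f7ffffea720;    /* wrterror's d= in frame #2 */
    char buf[sizeof(uintptr_t) + 1];
    int printable;

    ptr_as_ascii(freed, buf, sizeof buf, &printable);
    printf("%#lx -> \"%s\" (printable=%d, text-like=%d)\n",
           (unsigned long)freed, buf, printable, looks_like_text(freed, 3));

    ptr_as_ascii(frame, buf, sizeof buf, &printable);
    printf("%#lx -> \"%s\" (printable=%d, text-like=%d)\n",
           (unsigned long)frame, buf, printable, looks_like_text(frame, 3));
    return 0;
}
```

Run against the two addresses from the backtrace, the freed pointer decodes to `ash` with every byte printable, while the stack address in frame #2 does not, which is exactly the asymmetry that makes the "ash" reading more than a coincidence. The next step in a real triage is to look for a string containing "ash" (for example, a filename or keyword) that is written near `keywordbuf` or near whatever object the pointer lived in.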
