> Confirmed using etch i386 (though an amd64 processor). Attached output
> of megahal and strace.
The attached patch fixes a stack corruption issue on 64-bit architectures (reading 8 bytes into a 4-byte buffer) and an off-by-one sprintf overflow in the error and status file name initialization code. The stack corruption makes megahal reliably crash for me on amd64 every time it tries to load a saved dictionary.

However, the original problem is on i386 and happens earlier in the initialization code. I can't reproduce it myself, but I think it might well be caused by the sprintf overflow.

Note that Neil's strace in http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=27;filename=megahal.trace.log;att=1;bug=454212 has

  open("/home/nmcgovern/.megahal/megahal.logi", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3

and

  -rw-r--r-- 1 nmcgovern users 380 2007-12-19 11:37 megahal.logi?

while the intended filename is "megahal.log". So there's definitely at least some corruption happening here.

Could somebody (Neil?) try whether the bug persists with this patch?

Cheers,
-- 
Niko Tyni [EMAIL PROTECTED]
diff --git a/megahal.c b/megahal.c index 9d4b3ae..cfb1bbc 100644 --- a/megahal.c +++ b/megahal.c @@ -417,7 +417,7 @@ void megahal_initialize(void) errorfp = stderr; statusfp = stdout; - filenamebuff = (char *) malloc (strlen (directory) + 12); + filenamebuff = (char *) malloc (strlen (directory) + strlen(SEP) + 12); sprintf(filenamebuff, "%s%s%s", directory, SEP, errorfilename); initialize_error(filenamebuff); @@ -1384,7 +1384,7 @@ void save_dictionary(FILE *file, DICTIONARY *dictionary) void load_dictionary(FILE *file, DICTIONARY *dictionary) { register int i; - int size; + BYTE4 size; fread(&size, sizeof(BYTE4), 1, file); progress("Loading dictionary", 0, 1);
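Review bot: the malloc line in the megahal_initialize() hunk still hard-codes `+ 12` for the file name, so the allocation is only correct while errorfilename stays at 11 characters (and, if the same buffer is reused for the status file name the message mentions, only while that one is no longer). Derive the size from the parts instead, e.g. `malloc(strlen(directory) + strlen(SEP) + strlen(errorfilename) + 1)`, check the result for NULL before the sprintf, and replace `sprintf(filenamebuff, "%s%s%s", ...)` with an snprintf bounded by that size so a later rename of the file cannot reintroduce the overflow.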
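Review bot: the `fread(&size, sizeof(BYTE4), 1, file)` in the load_dictionary() hunk still ignores its return value, so on an empty or truncated dictionary file `size` is left uninitialized and the load continues with whatever was on the stack; test `if (fread(&size, sizeof(BYTE4), 1, file) != 1)` and return before the progress() call. Changing `int size` to `BYTE4 size` fixes the 8-bytes-into-4 write, but it also makes `size` unsigned while `i` stays a signed `register int`, so any comparison of the two in the loop that follows is now a mixed-sign compare; consider making `i` the same type.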
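The two defects Niko describes above, the undersized sprintf buffer and the oversized fread into a 4-byte stack variable, side by side with hardened replacements. This is an added example, not code from the MegaHAL source or from the patch: the function names, the use of uint32_t in place of MegaHAL's BYTE4, the "/" separator standing in for SEP, the directory taken from the strace in the report, and the 4-byte sample header are all assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the original megahal_initialize() reserved for
 * "<directory><SEP>megahal.log": strlen(directory) + 12 covers the
 * 11-character name plus its NUL, but not SEP (off by one for "/"). */
size_t buggy_buffer_size(const char *directory)
{
    return strlen(directory) + 12;
}

/* Bytes actually needed for directory + sep + name + NUL. */
size_t needed_buffer_size(const char *directory, const char *sep,
                          const char *name)
{
    return strlen(directory) + strlen(sep) + strlen(name) + 1;
}

/* Hardened replacement: derive the size from the parts, check malloc,
 * and bound the write with snprintf instead of sprintf. Caller frees. */
char *build_path(const char *directory, const char *sep, const char *name)
{
    size_t n = needed_buffer_size(directory, sep, name);
    char *buf = malloc(n);
    if (buf == NULL)
        return NULL;
    int written = snprintf(buf, n, "%s%s%s", directory, sep, name);
    if (written < 0 || (size_t)written >= n) {   /* cannot happen with n as computed; keep the guard */
        free(buf);
        return NULL;
    }
    return buf;
}

/* The dictionary size field read into a fixed 4-byte type (uint32_t is an
 * assumption standing in for MegaHAL's on-disk width), with the fread result
 * checked: a short read returns -1 instead of leaving *out unset. */
int read_dictionary_size(FILE *file, uint32_t *out)
{
    uint32_t size;
    if (fread(&size, sizeof size, 1, file) != 1)
        return -1;
    *out = size;
    return 0;
}

/* Demo helper: a FILE* backed by a temporary file holding `len` bytes. */
static FILE *file_from_bytes(const unsigned char *bytes, size_t len)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    if (fwrite(bytes, 1, len, f) != len) {
        fclose(f);
        return NULL;
    }
    rewind(f);
    return f;
}

/* Constructed sample header: a size field of 3 in host byte order, which is
 * how a raw fwrite/fread of an integer lays it out. */
static const uint32_t sample_size = 3;

/* Read the complete 4-byte header; returns the size, or -1 on failure. */
long demo_read_complete_header(void)
{
    unsigned char bytes[sizeof sample_size];
    memcpy(bytes, &sample_size, sizeof bytes);
    FILE *f = file_from_bytes(bytes, sizeof bytes);
    if (f == NULL)
        return -1;
    uint32_t size;
    int rc = read_dictionary_size(f, &size);
    fclose(f);
    return rc == 0 ? (long)size : -1;
}

/* The same header truncated to 2 bytes: the checked read must report failure
 * rather than hand back an uninitialized size. Returns read_dictionary_size()'s rc. */
int demo_read_truncated_header(void)
{
    unsigned char bytes[sizeof sample_size];
    memcpy(bytes, &sample_size, sizeof bytes);
    FILE *f = file_from_bytes(bytes, 2);
    if (f == NULL)
        return -2;
    uint32_t size = 0;
    int rc = read_dictionary_size(f, &size);
    fclose(f);
    return rc;
}

int main(void)
{
    const char *dir = "/home/nmcgovern/.megahal";   /* directory seen in the strace in the report */
    printf("buggy size: %zu, needed: %zu\n", buggy_buffer_size(dir),
           needed_buffer_size(dir, "/", "megahal.log"));
    char *path = build_path(dir, "/", "megahal.log");
    printf("path: %s\n", path ? path : "(alloc failed)");
    free(path);
    printf("complete header -> %ld, truncated header -> %d\n",
           demo_read_complete_header(), demo_read_truncated_header());
    return 0;
}
```

With the directory from the strace and a one-character separator, needed_buffer_size() is exactly one byte larger than buggy_buffer_size(), which is the NUL that sprintf wrote past the end of the original allocation; the truncated-header case shows why the fread return value, not just the destination width, has to be checked.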