Bug#848156: Fix; NMU to DELAYED/5

Wed, 21 Dec 2016 16:57:55 -0800 

control: tag -1 patch

Hi,

I can reproduce the segfault on my amd64 system. The segfault happens
near the end of the convert() function. This is what I got after adding
'OPTIMIZE' => '-O0 -g -ggdb' to Makefile.PL and rebuilding from from
source:

,----
| Starting program: /usr/bin/perl -Mblib -MText::Unaccent -e print\ 
unac_string\(\"utf-8\",\"aaaaaaaaaaa\"\)
| [Thread debugging using libthread_db enabled]
| Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
| 
| Program received signal SIGSEGV, Segmentation fault.
| 0x00007ffff6cd12ae in convert (from=0x5555559652a0 "utf-8", to=0x7ffff6cd1564 
"UTF-16BE",
|     in=0x5555559802db "", in_length=0, outp=0x7fffffffdb88, 
out_lengthp=0x7fffffffdb84) at unac.c:13864
| 13864     (*outp)[*out_lengthp] = '\0';
| (gdb) bt
| #0  0x00007ffff6cd12ae in convert (from=0x5555559652a0 "utf-8", 
to=0x7ffff6cd1564 "UTF-16BE",
|     in=0x5555559802db "", in_length=0, outp=0x7fffffffdb88, 
out_lengthp=0x7fffffffdb84) at unac.c:13864
| #1  0x00007ffff6cd1368 in unac_string (charset=0x5555559652a0 "utf-8",
|     in=0x5555559802d0 'a' <repeats 11 times>, in_length=11, 
outp=0x7ffff6ed99a0 <buffer>,
|     out_lengthp=0x7ffff6ed99a8 <buffer_length>) at unac.c:13888
| #2  0x00007ffff6cd003d in XS_Text__Unaccent_unac_string 
(my_perl=0x555555941010, cv=0x555555ab1778)
|     at Unaccent.xs:69
| #3  0x00005555556280b0 in Perl_pp_entersub (my_perl=0x555555941010) at 
pp_hot.c:3987
| #4  0x00005555556205d6 in Perl_runops_standard (my_perl=0x555555941010) at 
run.c:41
| #5  0x00005555555a66e9 in S_run_body (oldscope=1, my_perl=0x555555941010) at 
perl.c:2488
| #6  perl_run (my_perl=0x555555941010) at perl.c:2411
| #7  0x000055555557f85d in main (argc=<optimized out>, argv=<optimized out>, 
env=<optimized out>)
|     at perlmain.c:116
`----

It turns out that the compiler warnings about incompatible pointer types
are spot on: When *out_length is set at the end of convert, it
overwrites parts of *outp, leading to the crash.

The attached patch fixes the issue as described, it outputs a single
character "a" as expected; I have done an NMU to DELAYED/5. Please let
me know if I should reschedule or cancel my upload.

Cheers,
-Hilko

Attachment: libtext-unaccent-perl_1.08-1.3.debdiff
Description: test/patch

Reply via email to