Public bug reported:

Binary package hint: cuneiform

Valgrind stack trace:

**30430** *** memcpy_chk: buffer overflow detected ***: program terminated
==30430==    at 0x4C29F83: VALGRIND_PRINTF_BACKTRACE (valgrind.h:4214)
==30430==    by 0x4C2A09D: __memcpy_chk (mc_replace_strmem.c:867)
==30430==    by 0xA3E395B: MoveUpDownBitmap2 (string3.h:52)
==30430==    by 0xA3E4169: Razmaz2 (p2_thick.c:316)
==30430==    by 0xA3D1E46: FONRecog2Glue (dist_bou.c:1923)
==30430==    by 0x98FF252: RerecogInRect (p2_proc.c:1921)
==30430==    by 0x98FF431: GlueRerecog (p2_proc.c:2007)
==30430==    by 0x9902A02: p2_processWord (p2_proc.c:574)
==30430==    by 0x99036F9: p2_proc (p2_proc.c:1307)
==30430==    by 0x91CC8C0: pass3 (pass3.c:776)
==30430==    by 0x91DEC43: RSTRRecognizeMain (rcm.c:1692)
==30430==    by 0x91DF888: RSTRRecognize (rcm.c:1374)

gdb stack trace:

(gdb) bt
#0 0x00007ffff70c6a75 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff70ca5c0 in abort () at abort.c:92
#2 0x00007ffff71004fb in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x00007ffff7192217 in __fortify_fail (msg=0x7ffff71dbe6d "buffer overflow detected") at fortify_fail.c:32
#4 0x00007ffff71910d0 in __chk_fail () at chk_fail.c:29
#5 0x00007ffff261f95c in memcpy (xbyte=<value optimized out>, yrow=<value optimized out>, bDest=0x7ffff282d240 "") at /usr/include/bits/string3.h:52
#6 MoveUpDownBitmap2 (xbyte=<value optimized out>, yrow=<value optimized out>, bDest=0x7ffff282d240 "") at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/fon/src/p2_thick.c:208
#7 0x00007ffff262016a in Razmaz2 (bSource=<value optimized out>, bDest=<value optimized out>, xbit=<value optimized out>, yrow=58, porogX=<value optimized out>, porogY=<value optimized out>) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/fon/src/p2_thick.c:316
#8 0x00007ffff260de47 in FONRecog2Glue (firLeo=0xc6cc30, lasLeo=<value optimized out>, firOut=0xf91a60, lasOut=<value optimized out>, lang=<value optimized out>, porog=240, nNaklon=-15, countRazmaz=10) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/fon/src/dist_bou.c:1923
#9 0x00007ffff3105253 in RerecogInRect (rect=<value optimized out>, lineRaw=<value optimized out>, firstNew=0x78d6, lastNew=0x78d6, lang=3) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/pass2/src/p2_proc.c:1921
#10 0x00007ffff3105432 in GlueRerecog (first=<value optimized out>, last=0xf91380, lineRaw=<value optimized out>, boAll=<value optimized out>) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/pass2/src/p2_proc.c:2007
#11 0x00007ffff310899b in p2_processWord (lineRaw=<value optimized out>, lineFon=0xf911f0, firOld=0x7fffffffc028, last=0xc53970, fontinfo=<value optimized out>, useSpell=<value optimized out>) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/pass2/src/p2_proc.c:720
#12 0x00007ffff31096fa in p2_proc (lineRaw=<value optimized out>, lineOne=0xc506d0, p2glob=0x7fffffffc480) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/pass2/src/p2_proc.c:1307
#13 0x00007ffff37e28c1 in pass3 (ln=0xc6c980, lout=0xc506d0) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/rstr/src/pass3.c:776
#14 0x00007ffff37f4c44 in RSTRRecognizeMain (lin=<value optimized out>, lino=0xc506d0) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/rstr/src/rcm.c:1692
#15 0x00007ffff37f5889 in RSTRRecognize (lin=0x78d6, lino=0x78d6) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/rstr/src/rcm.c:1374
#16 0x00007ffff7bc2efe in RecognizeStringsPass2 () at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/puma/c/partrecog.cpp:357
#17 Recognize () at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/puma/c/partrecog.cpp:679
#18 0x00007ffff7bc4491 in PUMA_XFinalRecognition () at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/puma/main/puma.cpp:600
#19 0x0000000000402ef3 in main (argc=6, argv=<value optimized out>) at /home/alexeyn/python/src/cuneiform-0.7.0+dfsg/cuneiform_src/Kern/cuneiform-cli.cpp:376

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: cuneiform 0.7.0+dfsg-5ubuntu0.1
ProcVersionSignature: Ubuntu 2.6.32-27.49-generic 2.6.32.26+drm33.12
Uname: Linux 2.6.32-27-generic x86_64
Architecture: amd64
Date: Mon Jan 10 16:48:51 2011
SourcePackage: cuneiform

** Affects: cuneiform (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug lucid

--
https://bugs.launchpad.net/bugs/701074

Title:
  cuneiform crash due to buffer overflow