On 25/10/14 10:23, Daiki Ueno wrote:
> Hello,
> Andreas Stricker <astric...@futurelab.ch> writes:
>> I can reproduce this with Debian testing default xgettext. But it
>> doesn't look Javascript specific. e.g. if I create two identical
>> files 1.c and 2.c with the content:
>>     int a() { ngettext("bla", 1); }
>> And call it like this:
>>     xgettext --keyword=ngettext:1,1 -o - 1.c 2.c
>>     *** Error in `xgettext': double free or corruption (fasttop): 0x0000000001428470 ***
>> I'm not sure if this keyword argument is valid, but at least
>> it should not die like this.
> Thanks for the report and investigation. It seems to be a long-standing
> bug since 0.18, after this change:
> http://git.savannah.gnu.org/cgit/gettext.git/commit/?id=6aa7b7ed
> I'm not sure if this change is intentional nor what's the best way to
> handle this use-case, but here is a patch to recover the original
> behavior.
Hi,
(I'm sorry if this does not end up in the correct thread, not quite sure
how to get the old mails resent so I had to download and create it manually)
I'm a colleague of Johan and I spent some time looking through the
source code trying to figure out what the problem is.
The problem seems to be that if the same argnum is used then msgid and
msgid_plural will point to the same address.
Later in remember_a_message, if the msgid has already been encountered
it will call free on the msgid, making msgid_plural an invalid pointer
which is then passed to free in remember_a_message_plural.
This seems a bit tricky to solve given the current implementation.
You can, however, solve it by making sure the two do not point to the
same address to begin with (see attached patch).
An issue with this solution is that there seems to be (at least) one
other instance where the pointers could point to the same object, when
looking at lines:
    3105       free (best_cp->msgid);
    3106       if (best_cp->msgid_plural == best_cp->msgid)
    3107         best_cp->msgid_plural = msgid;
    3108       best_cp->msgid = msgid;
So it's possible that the same bug would appear here; I'm not sure how
to exercise this code path.
A similar solution could probably be applied here.
Regards,
--
Jesper Fehrlund
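Added example (not part of the mail above or of the gettext sources): a simplified C model of the aliasing described in the message, where a keyword spec of 1,1 makes msgid and msgid_plural share one allocation. The struct, the function names and the copy_on_alias switch are hypothetical; the block compares sharing the pointer with copying the plural, and releases each distinct allocation exactly once.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the partial-call record (hypothetical names). */
struct call { char *msgid; char *msgid_plural; };

/* Store an owned literal for argument position argnum.  With copy set, the
   plural slot gets its own copy if the singular slot already took it. */
static int store_literal(struct call *cp, int argnum, int a1, int a2, char *s, int copy)
{
    int stored = 0;
    if (argnum == a1) { cp->msgid = s; stored = 1; }
    if (argnum == a2) {
        char *plural = (stored && copy) ? strdup(s) : s;
        if (plural == NULL) return -1;          /* allocation failure */
        cp->msgid_plural = plural;
    }
    return 0;
}

/* Free each distinct allocation once; returns the number of free() calls. */
static int release_call(struct call *cp)
{
    int frees = 0;
    if (cp->msgid_plural && cp->msgid_plural != cp->msgid) { free(cp->msgid_plural); frees++; }
    if (cp->msgid) { free(cp->msgid); frees++; }
    cp->msgid = cp->msgid_plural = NULL;
    return frees;
}

/* The ngettext:1,1 case from the report: returns 1 if both slots alias. */
static int slots_alias(int copy_on_alias, int *frees)
{
    struct call c = { NULL, NULL };
    char *lit = strdup("bla");                  /* constructed sample literal */
    if (!lit || store_literal(&c, 1, 1, 1, lit, copy_on_alias) != 0) { free(lit); return -1; }
    int alias = (c.msgid == c.msgid_plural);
    *frees = release_call(&c);
    return alias;
}

int main(void)
{
    int f0 = 0, f1 = 0, a0 = slots_alias(0, &f0), a1 = slots_alias(1, &f1);
    printf("shared: alias=%d frees=%d\ncopied: alias=%d frees=%d\n", a0, f0, a1, f1);
    return 0;
}
```

A release path that calls free on both slots without the pointer comparison is the double free from the report when the slots alias.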
commit eeecbaff395702e975d92d0f7b552751a8d4bad1
Author: Jesper Fehrlund <jes...@fehrlund.se>
Date: Mon Oct 27 14:19:19 2014 +0000
Fixes double free when using the same argnum for singular and plural
diff --git a/gettext-tools/src/xgettext.c b/gettext-tools/src/xgettext.c
index eb3a660..1fb88bb 100644
--- a/gettext-tools/src/xgettext.c
+++ b/gettext-tools/src/xgettext.c
@@ -2793,7 +2793,10 @@ arglist_parser_remember_literal (struct arglist_parser
*ap,
}
if (argnum == cp->argnum2)
{
- cp->msgid_plural = string;
+ if (stored_string)
+ cp->msgid_plural = strdup(string);
+ else
+ cp->msgid_plural = string;
cp->msgid_plural_escape = type;
cp->msgid_plural_context = context;
cp->msgid_plural_pos.file_name = file_name;
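Review bot: the result of strdup(string) on the added "cp->msgid_plural = strdup(string);" line is stored without a NULL check, so an allocation failure leaves cp->msgid_plural NULL while the escape, context and position fields below are still filled in. Use xstrdup, which aborts on out-of-memory, or check the return value, and write the call in GNU style with a space before the parenthesis: "xstrdup (string)". The hunk does not show where stored_string is set, so a short comment saying that the copy exists because the singular slot already owns this string would help the next reader, given that the code quoted at lines 3105-3108 still compares msgid_plural == msgid.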