Package: an
Version: 1.0-2
Severity: normal
Tags: patch

Hi there,

I noticed I could crash 'an' by providing a particular input string:

$ an gwelymernans
an: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
zsh: abort an gwelymernans

My C is a little rusty, but it looks like this might be due to the make_alphabet function in bitfield.c not allocating room for a NULL byte when calling safe_calloc. Fixing that and recompiling resolved the problem for me.

I know this is a very minor issue, but I just thought I'd report it because I was lucky enough to strike the problem :)

Cheers,
Mark

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages an depends on:
ii  libc6     2.13-38
ii  libicu48  4.8.1.1-12

Versions of packages an recommends:
ii  wamerican [wordlist]       7.1-1
ii  wamerican-huge [wordlist]  7.1-1
ii  wbritish-huge [wordlist]   7.1-1

an suggests no packages.

-- no debconf information
diff --git a/bitfield.c b/bitfield.c index d34033c..75704f8 100644 --- a/bitfield.c +++ b/bitfield.c @@ -163,7 +163,7 @@ make_alphabet(const UChar *source) int sourcelen = u_strlen(source); int x, y; - dest = safe_calloc(sourcelen, sizeof(UChar)); + dest = safe_calloc(sourcelen + 1, sizeof(UChar)); u_strcpy(dest, source);
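
Review bot: the u_strcpy(dest, source) call directly after the changed safe_calloc line in make_alphabet still depends on the allocation size implicitly matching u_strlen(source) plus the terminator, which is how the off-by-one got in. A short comment that the + 1 is for the terminating NUL written by u_strcpy would keep the next edit from dropping it; alternatively, since sourcelen is already computed, copy with an explicit bound such as u_memcpy(dest, source, sourcelen) and let the zero-filled final element act as the terminator (assuming safe_calloc zero-fills like calloc, which this hunk does not show). It is also worth checking whether any other safe_calloc call sized from u_strlen repeats the pattern, since only this one call site is visible here.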