Package: an
Version: 1.0-2
Severity: normal
Tags: patch

Hi there,

I noticed I could crash 'an' by providing a particular input string:

$ an gwelymernans     
an: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) 
&((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) 
&& old_size == 0) || ((unsigned long) (old_size) >= (unsigned 
long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * 
(sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 
0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
zsh: abort      an gwelymernans

My C is a little rusty, but it looks like this might be due to the
make_alphabet function in bitfield.c not allocating room for a NULL byte when
calling safe_calloc.  Fixing that and recompiling resolved the problem for me.

I know this is a very minor issue, but I just thought I'd report it because I
was lucky enough to strike the problem :)

Cheers,

Mark

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages an depends on:
ii  libc6     2.13-38
ii  libicu48  4.8.1.1-12

Versions of packages an recommends:
ii  wamerican [wordlist]       7.1-1
ii  wamerican-huge [wordlist]  7.1-1
ii  wbritish-huge [wordlist]   7.1-1

an suggests no packages.

-- no debconf information
diff --git a/bitfield.c b/bitfield.c
index d34033c..75704f8 100644
--- a/bitfield.c
+++ b/bitfield.c
@@ -163,7 +163,7 @@ make_alphabet(const UChar *source)
     int sourcelen = u_strlen(source);
     int x, y;
 
-    dest = safe_calloc(sourcelen, sizeof(UChar));
+    dest = safe_calloc(sourcelen + 1, sizeof(UChar));
 
     u_strcpy(dest, source);
 
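Review bot: The `+1` is the right fix for this hunk: `u_strcpy` copies the terminating NUL code unit along with the text, so a buffer of `sourcelen` UChars is one slot short and the copy writes two bytes past the end of the heap chunk, which is exactly the metadata corruption glibc's `sYSMALLOc` assertion in the report catches. Consider adding a short comment on the allocation line, e.g. `/* +1 for the terminating NUL code unit copied by u_strcpy */`, so a later refactor does not drop the extra slot again; `u_strlen` returns an `int32_t`, so `sourcelen + 1` cannot overflow for any string ICU will hand back.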

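The allocation bug the report describes, worked through in plain C as an added example (this is not code from the `an` package): `my_u_strlen` and `my_u_strcpy` are hypothetical stand-ins with the same semantics as ICU's `u_strlen` and `u_strcpy`, `UChar` is modelled as `uint16_t` as in ICU, and `terminator_fits` is an assumed helper that expresses the check the patch restores, namely that a NUL-terminated copy of `len` code units needs `len + 1` slots.

```c
/* Added example modelling the make_alphabet off-by-one from the report.
 * Not the an package's code; my_u_strlen / my_u_strcpy are hypothetical
 * stand-ins for ICU's u_strlen / u_strcpy (assumed to behave the same). */
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

typedef uint16_t UChar;            /* ICU's UTF-16 code unit type */

/* Length in code units, not counting the terminating 0 (like u_strlen). */
static int32_t my_u_strlen(const UChar *s)
{
    int32_t n = 0;
    while (s[n] != 0)
        n++;
    return n;
}

/* Copies src including its terminating 0 into dst (like u_strcpy). */
static UChar *my_u_strcpy(UChar *dst, const UChar *src)
{
    int32_t i = 0;
    do {
        dst[i] = src[i];
    } while (src[i++] != 0);
    return dst;
}

/* Slots a NUL-terminated copy of `len` code units needs: the text plus
 * one slot for the terminator that the copy routine always writes. */
size_t copy_slots_needed(int32_t len)
{
    return (size_t)len + 1;
}

/* Returns 1 when an allocation of `alloc_slots` can hold a terminated
 * copy of a `len`-unit string, 0 when the copy would overrun it. */
int terminator_fits(size_t alloc_slots, int32_t len)
{
    return alloc_slots >= copy_slots_needed(len);
}

/* Before the patch, make_alphabet did the equivalent of
 *     dest = calloc(sourcelen, sizeof(UChar));   // one slot short
 * so the terminator landed two bytes past the chunk, corrupting heap
 * metadata; glibc's malloc detected that later and aborted. */

/* The corrected allocation pattern from the patch. Returns NULL on
 * allocation failure; caller frees the result. */
UChar *dup_ustring(const UChar *source)
{
    int32_t sourcelen = my_u_strlen(source);
    /* +1 for the terminating 0 that my_u_strcpy copies */
    UChar *dest = calloc(copy_slots_needed(sourcelen), sizeof(UChar));
    if (dest == NULL)
        return NULL;
    my_u_strcpy(dest, source);
    return dest;
}

int main(void)
{
    /* Constructed sample input: "abc" as UTF-16 code units. */
    static const UChar src[] = { 'a', 'b', 'c', 0 };
    int32_t len = my_u_strlen(src);

    printf("len=%d, buggy alloc of %d slots fits: %d, fixed alloc of %zu slots fits: %d\n",
           len, len, terminator_fits((size_t)len, len),
           copy_slots_needed(len), terminator_fits(copy_slots_needed(len), len));

    UChar *copy = dup_ustring(src);
    if (copy == NULL)
        return 1;
    printf("copied %d code units, terminated: %d\n",
           my_u_strlen(copy), copy[len] == 0);
    free(copy);
    return 0;
}
```

Running it shows the pre-patch allocation of `len` slots failing the `terminator_fits` check while `len + 1` passes; the same one-slot rule applies to every `strlen`-sized buffer handed to a copying routine that writes a terminator.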