Hi,

I'm able to reproduce the bug with the trunk version of bogofilter. It
seems to be a problem in memory management when converting strings to UTF-8.

When I build bogofilter with the configure option "--disable-unicode",
bogofilter doesn't crash.

*The result with gdb:*
*** Error in `/root/bogofilter-code/bogofilter/src/bogofilter': realloc():
invalid next size: 0x0000000000662e50 ***

Program received signal SIGABRT, Aborted.
0x00007ffff6d3d077 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff6d3d077 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff6d3e458 in __GI_abort () at abort.c:89
#2  0x00007ffff6d7afb4 in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7ffff6e6dbc0 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff6d8078e in malloc_printerr (action=1, str=0x7ffff6e69d82
"realloc(): invalid next size", ptr=<optimized out>) at malloc.c:4996
#4  0x00007ffff6d8356b in _int_realloc (av=av@entry=0x7ffff70aa620
<main_arena>, oldp=oldp@entry=0x662e40, oldsize=oldsize@entry=32928,
nb=nb@entry=32976) at malloc.c:4234
#5  0x00007ffff6d84569 in __GI___libc_realloc (oldmem=0x662e50,
bytes=32968) at malloc.c:3029
#6  0x000000000040a830 in yyrealloc (size=<optimized out>, ptr=<optimized
out>) at lexer_v3.c:4044
#7  yy_get_next_buffer () at lexer_v3.c:3204
#8  yylex () at lexer_v3.c:3005
#9  0x000000000040f5ca in parse_new_token (token=0x7fffffffead0) at
token.c:206
#10 get_token (token=token@entry=0x7fffffffead0) at token.c:153
#11 0x0000000000405f31 in collect_words (wh=wh@entry=0x63e740) at
collect.c:48
#12 0x00000000004029e6 in bogofilter (argc=argc@entry=0, argv=<optimized
out>) at bogofilter.c:97
#13 0x0000000000404957 in bogomain (argc=argc@entry=4,
argv=argv@entry=0x7fffffffec88)
at bogomain.c:67
#14 0x00000000004027a4 in main (argc=4, argv=0x7fffffffec88) at main.c:31


*The result with valgrind:*

==4663== Invalid write of size 1
==4663==    at 0x5B8815C: internal_utf8_loop (loop.c:331)
==4663==    by 0x5B8815C: __gconv_transform_internal_utf8 (skeleton.c:611)
==4663==    by 0x5B88D98: __gconv_transform_utf8_internal (skeleton.c:674)
==4663==    by 0x5B83DB9: __gconv (gconv.c:79)
==4663==    by 0x5B83358: iconv (iconv.c:52)
==4663==    by 0x41BFC7: convert (iconvert.c:91)
==4663==    by 0x41C1DD: iconvert (iconvert.c:196)
==4663==    by 0x409977: get_decoded_line (lexer.c:226)
==4663==    by 0x409C19: yyinput (lexer.c:327)
==4663==    by 0x40BE46: yy_get_next_buffer (lexer_v3.c:3176)
==4663==    by 0x40BA71: yylex (lexer_v3.c:3005)
==4663==    by 0x413D5A: parse_new_token (token.c:206)
==4663==    by 0x413BB2: get_token (token.c:153)
==4663==  Address 0x6211390 is 16 bytes after a block of size 32,976 in
arena "client"

Regards,
-- Mathieu Goulin
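The valgrind trace above reports iconv writing one byte just past the end of a 32,976-byte output block, and glibc's realloc later aborts on the corrupted chunk header. Whatever the root cause in bogofilter's iconvert.c turns out to be, the general failure class is an iconv(3) loop whose outbytesleft argument does not match the space actually left in the buffer, or that keeps converting after an E2BIG return without growing the buffer. The following added example is not bogofilter's code; the function to_utf8, its helper grow and the sample inputs are constructed for illustration. It shows a conversion loop that recomputes the free space from iconv's own pointer updates on every call, doubles the buffer on E2BIG, and substitutes U+FFFD on EILSEQ, so that it can be run under valgrind with no out-of-bounds write.

```c
#include <errno.h>
#include <iconv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Grow *buf (capacity *cap, plus one spare byte for a NUL) to at least
 * `need` bytes by doubling.  Returns 0 on success, -1 if realloc fails. */
static int grow(char **buf, size_t *cap, size_t need)
{
    size_t ncap = *cap;
    while (ncap < need)
        ncap *= 2;
    char *n = realloc(*buf, ncap + 1);
    if (n == NULL)
        return -1;
    *buf = n;
    *cap = ncap;
    return 0;
}

/* Convert `inlen` bytes of `in`, encoded in charset `from`, to UTF-8.
 * Returns a malloc'd NUL-terminated buffer (byte length without the NUL
 * stored in *outlen) or NULL on failure.  `initial` is the starting output
 * capacity; it is a parameter only so callers can force the growth path. */
char *to_utf8(const char *from, const char *in, size_t inlen,
              size_t initial, size_t *outlen)
{
    iconv_t cd = iconv_open("UTF-8", from);
    if (cd == (iconv_t)-1)
        return NULL;

    size_t cap = initial > 0 ? initial : 64;
    char *out = malloc(cap + 1);
    if (out == NULL) {
        iconv_close(cd);
        return NULL;
    }

    char *inp = (char *)in;            /* iconv(3) takes a non-const inbuf */
    size_t inleft = inlen;
    size_t used = 0;

    while (inleft > 0) {
        char *outp = out + used;
        size_t outleft = cap - used;   /* exactly the bytes still free */
        size_t r = iconv(cd, &inp, &inleft, &outp, &outleft);
        used = cap - outleft;          /* derive from what iconv actually wrote */
        if (r != (size_t)-1)
            break;                     /* all input converted */
        if (errno == E2BIG) {
            /* Output full.  iconv has already advanced inp/inleft past the
             * bytes it emitted, so growing and looping resumes exactly
             * where it stopped; nothing is written past `cap`. */
            if (grow(&out, &cap, cap + 1) < 0)
                goto fail;
            continue;
        }
        if (errno == EILSEQ) {
            /* Invalid byte in the input: substitute U+FFFD and skip it.
             * This policy is chosen for the example, not taken from bogofilter. */
            if (used + 3 > cap && grow(&out, &cap, used + 3) < 0)
                goto fail;
            memcpy(out + used, "\xEF\xBF\xBD", 3);
            used += 3;
            inp++;
            inleft--;
            continue;
        }
        /* EINVAL: truncated multibyte sequence at end of input.  Keep what
         * was converted and drop the incomplete tail. */
        break;
    }

    iconv_close(cd);
    out[used] = '\0';
    *outlen = used;
    return out;

fail:
    iconv_close(cd);
    free(out);
    return NULL;
}

int main(void)
{
    /* Constructed sample: Latin-1 "caf\xe9" ("café") with a deliberately
     * tiny initial buffer, so the E2BIG path runs before the call returns. */
    size_t n = 0;
    char *s = to_utf8("ISO-8859-1", "caf\xe9", 4, 2, &n);
    if (s == NULL) {
        perror("to_utf8");
        return 1;
    }
    printf("%zu bytes:", n);
    for (size_t i = 0; i < n; i++)
        printf(" %02x", (unsigned char)s[i]);
    putchar('\n');
    free(s);
    return 0;
}
```

Running this under valgrind with a small `initial` is the quickest way to check that the growth path never writes beyond the allocation: every iteration hands iconv the remaining capacity it computed itself rather than a cached size, which is the invariant that must hold in any conversion loop that reallocates its output buffer.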