Bug 1109949 - foma segfault
Summary: foma segfault
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other
Version: Current
Hardware: i586 openSUSE Factory
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Bernhard Wiedemann
QA Contact: E-mail List
Blocks: 1109534
Reported: 2018-09-27 04:50 UTC by Bernhard Wiedemann
Modified: 2018-09-27 09:24 UTC
Found By: Development
Description Bernhard Wiedemann 2018-09-27 04:50:34 UTC
While working on reproducible builds for openSUSE, I found that
the malaga-suomi noarch package differs between i586 and x86_64.

This turned out to be because on i586, the call
foma -f vvfst/main.foma
segfaults. Here is a log-diff:

  Determinizing...
  Minimizing...
  Done!
  7.4 MB. 426835 states, 487127 arcs, Cyclic.
- defined Lexicon: 7.4 MB. 426835 states, 487127 arcs, Cyclic.
- defined ItoE: 517 bytes. 3 states, 10 arcs, Cyclic.
- defined Lengthening: 1.9 kB. 9 states, 90 arcs, Cyclic.
- defined HV: 2.5 kB. 17 states, 125 arcs, Cyclic.
- variable flag-is-epsilon = ON
- 7.5 MB. 428390 states, 489583 arcs, Cyclic.
- 7.5 MB. 428390 states, 489583 arcs, Cyclic.
- defined Lexicon2: 7.5 MB. 428390 states, 489583 arcs, Cyclic.
- 7.5 MB. 428383 states, 489496 arcs, Cyclic.
- 7.5 MB. 428383 states, 489496 arcs, Cyclic.
- Writing AT&T file: vvfst/all.att
+ defined Lexicon: 7.4 MB. free(): invalid pointer
  ! grep ']]' vvfst/all.att

and the malaga-suomi Makefile fails to notice this failure.


Steps to Reproduce:
osc co openSUSE:Factory/malaga-suomi && cd $_
osc build --noservice -x valgrind -x foma-debuginfo standard i586
osc chroot standard i586
cd /home/abuild/rpmbuild/BUILD/voikko-fi-2.1/ && valgrind foma -f vvfst/main.foma


defined Lexicon: 7.4 MB. 426835 states, 487127 arcs, Cyclic.
==27888== Invalid write of size 1
==27888==    at 0x412326B: _IO_default_xsputn (in /lib/libc-2.27.so)
==27888==    by 0x41163DD: _IO_padn (in /lib/libc-2.27.so)
==27888==    by 0x40F8FC1: vfprintf (in /lib/libc-2.27.so)
==27888==    by 0x41A2755: __vsprintf_chk (in /lib/libc-2.27.so)
==27888==    by 0x41A267F: __sprintf_chk (in /lib/libc-2.27.so)
==27888==    by 0x805C728: UnknownInlinedFun (stdio2.h:33)
==27888==    by 0x805C728: fsm_rewrite (rewrite.c:108)
==27888==    by 0x807D0BE: yyparse (regex.y:263)
==27888==    by 0x80764DB: my_yyparse (regex.l:130)
==27888==    by 0x80518D8: interfacelex (interface.l:355)
==27888==    by 0x8056324: my_interfaceparse (interface.l:108)
==27888==    by 0x8049509: main (foma.c:117)
==27888==  Address 0x767f784 is 0 bytes after a block of size 4 alloc'd
==27888==    by 0x8073207: xxmalloc (mem.c:77)  
==27888==    by 0x805C6EF: fsm_rewrite (rewrite.c:106)
==27888==    by 0x807D0BE: yyparse (regex.y:263)
==27888==    by 0x80764DB: my_yyparse (regex.l:130)
==27888==    by 0x80518D8: interfacelex (interface.l:355)
==27888==    by 0x8056324: my_interfaceparse (interface.l:108)
==27888==    by 0x8049509: main (foma.c:117)


I think the bad code is around foma/rewrite.c:106
    rb->namestrings = xxmalloc(sizeof rb->namestrings * num_rules);
    for (i = 0; i < rb->num_rules; i++) {
        sprintf(rb->namestrings[i], "@#%04i@", i+1);
    }
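
The size mismatch behind the "block of size 4" in the valgrind output above, as an added example that is not foma's code or the submitted fix. It assumes `namestrings` points to 8-byte name buffers (the declaration is not shown on this page); `name_table`, `overflow_bytes` and `alloc_names` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* "@#%04i@" yields 7 characters plus the NUL terminator for rule numbers up to 9999. */
#define NAME_LEN 8

/* Assumed declaration (not shown on the page): pointer to 8-byte name buffers. */
typedef char (*name_table)[NAME_LEN];

/* Bytes written past the allocation when the size is computed from the
 * pointer (sizeof ptr * num_rules) instead of from the element it points to. */
size_t overflow_bytes(size_t ptr_size, size_t num_rules)
{
    size_t allocated = ptr_size * num_rules;
    size_t written = (size_t)NAME_LEN * num_rules;
    return written > allocated ? written - allocated : 0;
}

/* Corrected pattern: size from the pointee, bounded formatting, checked results. */
name_table alloc_names(size_t num_rules)
{
    name_table names = calloc(num_rules, sizeof *names);
    if (names == NULL)
        return NULL;
    for (size_t i = 0; i < num_rules; i++) {
        int n = snprintf(names[i], sizeof names[i], "@#%04zu@", i + 1);
        if (n < 0 || (size_t)n >= sizeof names[i]) {  /* name would not fit */
            free(names);
            return NULL;
        }
    }
    return names;
}

int main(void)
{
    printf("i586   (4-byte pointers): %zu bytes past the block for 1 rule\n", overflow_bytes(4, 1));
    printf("x86_64 (8-byte pointers): %zu bytes past the block for 1 rule\n", overflow_bytes(8, 1));
    name_table names = alloc_names(3);
    if (names != NULL) {
        printf("%s %s %s\n", names[0], names[1], names[2]);
        free(names);
    }
    return 0;
}
```

With 8-byte pointers the pointer size happens to equal the buffer size, which is consistent with the crash appearing only in the i586 build.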
Comment 2 Tomáš Chvátal 2018-09-27 07:45:20 UTC
Can't reproduce at all on local build nor do I see it in OBS. What are exact reproduce steps?
Comment 4 Bernhard Wiedemann 2018-09-27 09:02:44 UTC
Submitted the fix:
https://github.com/mhulden/foma/pull/78
https://build.opensuse.org/request/show/638713
Comment 5 Bernhard Wiedemann 2018-09-27 09:24:48 UTC
Bonus patch, to fail loudly instead of silently producing corrupted results:
https://github.com/voikko/corevoikko/pull/38