Subject: Bug#848156: Fix; NMU to DELAYED/5



control: tag -1 patch

Hi,

I can reproduce the segfault on my amd64 system. The segfault happens
near the end of the convert() function. This is what I got after adding
'OPTIMIZE' => '-O0 -g -ggdb' to Makefile.PL and rebuilding from
source:

,----
| Starting program: /usr/bin/perl -Mblib -MText::Unaccent -e print\ unac_string\(\"utf-8\",\"aaaaaaaaaaa\"\)
| [Thread debugging using libthread_db enabled]
| Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
|
| Program received signal SIGSEGV, Segmentation fault.
| 0x00007ffff6cd12ae in convert (from=0x5555559652a0 "utf-8", to=0x7ffff6cd1564 "UTF-16BE",
| in=0x5555559802db "", in_length=0, outp=0x7fffffffdb88, out_lengthp=0x7fffffffdb84) at unac.c:13864
| 13864 (*outp)[*out_lengthp] = '\0';
| (gdb) bt
| #0 0x00007ffff6cd12ae in convert (from=0x5555559652a0 "utf-8", to=0x7ffff6cd1564 "UTF-16BE",
| in=0x5555559802db "", in_length=0, outp=0x7fffffffdb88, out_lengthp=0x7fffffffdb84) at unac.c:13864
| #1 0x00007ffff6cd1368 in unac_string (charset=0x5555559652a0 "utf-8",
| in=0x5555559802d0 'a' <repeats 11 times>, in_length=11, outp=0x7ffff6ed99a0 <buffer>,
| out_lengthp=0x7ffff6ed99a8 <buffer_length>) at unac.c:13888
| #2 0x00007ffff6cd003d in XS_Text__Unaccent_unac_string (my_perl=0x555555941010, cv=0x555555ab1778)
| at Unaccent.xs:69
| #3 0x00005555556280b0 in Perl_pp_entersub (my_perl=0x555555941010) at pp_hot.c:3987
| #4 0x00005555556205d6 in Perl_runops_standard (my_perl=0x555555941010) at run.c:41
| #5 0x00005555555a66e9 in S_run_body (oldscope=1, my_perl=0x555555941010) at perl.c:2488
| #6 perl_run (my_perl=0x555555941010) at perl.c:2411
| #7 0x000055555557f85d in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>)
| at perlmain.c:116
`----

It turns out that the compiler warnings about incompatible pointer types
are spot on: When *out_length is set at the end of convert, it
overwrites parts of *outp, leading to the crash.

The attached patch fixes the issue as described; it outputs a single
character "a" as expected. I have done an NMU to DELAYED/5. Please let
me know if I should reschedule or cancel my upload.

Cheers,
-Hilko

Attachment: libtext-unaccent-perl_1.08-1.3.debdiff
Description: test/patch
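
Added example (not part of the original message or of the libtext-unaccent-perl source): a byte-level model of the overwrite described above, using the slot layout visible in frame #0 (out_lengthp at ...db84, outp at ...db88). The 4-byte and 8-byte widths, the helper names and the sample pointer value are assumptions made for illustration; the message does not show the declarations involved.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the caller's stack slots from the backtrace:
 * a 4-byte length at offset 0 (out_lengthp=...db84) directly followed
 * by an 8-byte pointer at offset 4 (outp=...db88), little-endian. */
enum { LEN_OFF = 0, PTR_OFF = 4, FRAME_SIZE = 12 };

/* Write `value` as `width` little-endian bytes at frame+off. */
static void put_le(unsigned char *frame, size_t off, uint64_t value, size_t width)
{
    for (size_t i = 0; i < width; i++)
        frame[off + i] = (unsigned char)(value >> (8 * i));
}

/* Read `width` little-endian bytes at frame+off. */
static uint64_t get_le(const unsigned char *frame, size_t off, size_t width)
{
    uint64_t v = 0;
    for (size_t i = 0; i < width; i++)
        v |= (uint64_t)frame[off + i] << (8 * i);
    return v;
}

/* Hypothetical helper: value of the pointer slot after the callee stores
 * the output length using `store_width` bytes (assumed: 8 when it treats
 * the slot as a size_t, 4 when the width matches the caller's variable). */
uint64_t pointer_after_length_store(uint64_t ptr, uint64_t length, size_t store_width)
{
    unsigned char frame[FRAME_SIZE] = {0};
    put_le(frame, PTR_OFF, ptr, 8);
    put_le(frame, LEN_OFF, length, store_width);
    return get_le(frame, PTR_OFF, 8);
}

int main(void)
{
    const uint64_t ptr = 0x0000555555980300ULL; /* constructed heap address */
    printf("before:       %#018llx\n", (unsigned long long)ptr);
    printf("8-byte store: %#018llx\n",
           (unsigned long long)pointer_after_length_store(ptr, 2, 8));
    printf("4-byte store: %#018llx\n",
           (unsigned long long)pointer_after_length_store(ptr, 2, 4));
    return 0;
}
```

The over-wide store zeroes the low half of the neighbouring pointer, so the later `(*outp)[*out_lengthp] = '\0'` dereferences an address that was never allocated. Building with `-Werror=incompatible-pointer-types` turns the warning mentioned above into a build failure.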

