Bug 12515

Summary: random segfaults
Product: Rarian
Reporter: Gabriel C <nix.or.die>
Component: General
Assignee: Don Scorgie <Don>
Status: ASSIGNED
QA Contact:
Severity: critical
Priority: medium
CC: krics
Version: unspecified
Hardware: Other
OS: Linux (All)

Description Gabriel C 2007-09-21 15:34:14 UTC
Hi,

While trying to replace scrollkeeper we got some segfaults with rarian (0.6.0) on Frugalware Linux.

We noticed the first segfault while building some package; it is quite easy to reproduce for me.

Here is a bt:


(gdb) run hu_HU scrollkeeper_cl.xml
Starting program: /usr/bin/rarian-sk-get-cl hu_HU scrollkeeper_cl.xml

Program received signal SIGSEGV, Segmentation fault.
0xb7d6e143 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0xb7d6e143 in strlen () from /lib/libc.so.6
#1  0x0804e4f3 in TiXmlString::operator= (this=0x8063d08, copy=0x0) at tinystr.h:112
#2  0x0804e527 in TiXmlNode::SetValue (this=0x8063ce8, _value=0x0) at tinyxml.h:471
#3  0x0804e560 in TiXmlText (this=0x8063ce8, initValue=0x0) at tinyxml.h:1060
#4  0x0804de7d in get_docs (reg=0x805b148, pParent=0x8077e50) at rarian-sk-get-cl.cpp:109
#5  0xb7f219df in rrn_for_each_in_category (funct=0x804db8c <get_docs(_RrnReg*, TiXmlNode*)>, category=0x8063430 "General|Licenses", user_data=0x8077e50) at rarian-main.c:137
#6  0x0804e194 in process_node (pParent=0x8077e50) at rarian-sk-get-cl.cpp:140
#7  0x0804e1bc in process_node (pParent=0x8077cd8) at rarian-sk-get-cl.cpp:150
#8  0x0804e1bc in process_node (pParent=0x805c4f0) at rarian-sk-get-cl.cpp:150
#9  0x0804e354 in main (argc=3, argv=0xbfd9a014) at rarian-sk-get-cl.cpp:223
(gdb) l *0x0804e4f3
0x804e4f3 is in TiXmlString::operator=(char const*) (tinystr.h:112).
107             }
108
109             // = operator
110             TiXmlString& operator = (const char * copy)
111             {
112                     return assign( copy, (size_type)strlen(copy));
113             }
114
115             // = operator
116             TiXmlString& operator = (const TiXmlString & copy)
(gdb) l *0x0804e527
0x804e527 is in TiXmlNode::SetValue(char const*) (tinyxml.h:471).
466                     Comment:        the comment text
467                     Unknown:        the tag contents
468                     Text:           the text string
469                     @endverbatim
470             */
471             void SetValue(const char * _value) { value = _value;}
472
473         #ifdef TIXML_USE_STL
474             /// STL std::string form.
475             void SetValue( const std::string& _value )      { value = _value; }
(gdb) l *0x0804e560
0x804e560 is in TiXmlText (tinyxml.h:1061).
1056                    element, set the parameter _cdata to 'true'
1057            */
1058            TiXmlText (const char * initValue ) : TiXmlNode (TiXmlNode::TEXT)
1059            {
1060                    SetValue( initValue );
1061                    cdata = false;
1062            }
1063            virtual ~TiXmlText() {}
1064
1065            #ifdef TIXML_USE_STL
(gdb) 

It is trying to strlen(NULL) ...

But even rarian-example segfaults

...

(gdb) run
Starting program: /usr/bin/rarian-example 

Program received signal SIGSEGV, Segmentation fault.
0xb7e06143 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0xb7e06143 in strlen () from /lib/libc.so.6
#1  0xb7e05e85 in strdup () from /lib/libc.so.6
#2  0xb7f8e50f in process_initial_entry (line=0x804a1f0 "* Übereinstimmungen_in_Binärdatei_cpio.info.: (Übereinstimmungen_in_Binärdatei_cpio.info.).\n") at rarian-info.c:135
#3  0xb7f8f49e in process_info_dir (dir=0x804a050 "/usr/info") at rarian-info.c:445
#4  0xb7f8f740 in rrn_info_init () at rarian-info.c:535
#5  0xb7f8f7b2 in rrn_info_get_categories () at rarian-info.c:557
#6  0x080488fa in main () at rarian-example.c:96

rarian is compiled with gcc 4.2.1, glibc is 2.6.1

If you need more info, let me know.

Regards,

Gabriel C
Comment 1 Don Scorgie 2008-07-29 11:57:24 UTC
Thanks for the bug report.  I'm not entirely sure how these crashes are happening.  The first appears to happen when "DocType" is not set in the omf file.  In this case, there are checks in librarian which should stop this happening.  Can you please try with rarian 0.8.x and see if the issue persists?  If it does, can you possibly send one of the faulting files (if you can determine this)?  Thanks.

In the second case, there appear to be documents in the info "dir" file before categories, confusing the parser.  I've checked in a check for this in current SVN, which should appear in 0.8.1.

2008-07-29  Don Scorgie  <Don@Scorgie.org>

	* librarian/rarian-info.c: 
	Check for documents appearing between *Menu and
	the first category.
	bug #12515

I'll mark this bug as accepted for now.
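
The input shape Comment 1 describes for the second backtrace (an entry between "* Menu" and the first category header, so the current category is still NULL when the entry is processed), as an added example. This is not rarian's code or the committed fix; parse_dir, NO_CATEGORY, the fallback behaviour and the sample dir text are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ENTRIES 16
#define NO_CATEGORY "Uncategorized"   /* hypothetical fallback name */
struct entry { char name[64]; char category[64]; };

/* Constructed sample: one entry sits between "* Menu:" and the first category. */
static const char SAMPLE_DIR[] =
    "Constructed sample dir file\n\n"
    "* Menu:\n"
    "* stray.info.: (stray.info.).\n\n"
    "Archiving\n"
    "* Tar: (tar).          Making tape (or disk) archives.\n";

/* Bounded copy of src up to the first character found in stop. */
static void copy_until(char *dst, size_t n, const char *src, const char *stop)
{
    size_t len = strcspn(src, stop);
    if (len >= n) len = n - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Parse the menu; returns the entry count and sets *orphans to the number of
 * entries that appeared before any category header. */
int parse_dir(const char *text, struct entry *out, int *orphans)
{
    const char *category = NULL;          /* stays NULL until a header is seen */
    int in_menu = 0, n = 0;
    *orphans = 0;
    for (const char *l = text; *l; l += strcspn(l, "\n"), l += (*l == '\n')) {
        if (!in_menu) { in_menu = strncmp(l, "* Menu", 6) == 0; continue; }
        if (*l == '\n' || *l == ' ' || *l == '\t') continue;  /* blank or continuation */
        if (*l != '*') { category = l; continue; }            /* category header */
        if (l[1] != ' ' || n == MAX_ENTRIES) continue;        /* malformed or full */
        copy_until(out[n].name, sizeof out[n].name, l + 2, ":\n");
        if (category == NULL) (*orphans)++;   /* entry before any category header */
        copy_until(out[n].category, sizeof out[n].category,
                   category ? category : NO_CATEGORY, "\n");  /* never deref NULL */
        n++;
    }
    return n;
}

int main(void)
{
    struct entry e[MAX_ENTRIES];
    int orphans, n = parse_dir(SAMPLE_DIR, e, &orphans);
    for (int i = 0; i < n; i++) printf("%s -> %s\n", e[i].name, e[i].category);
    printf("entries before first category: %d\n", orphans);
    return 0;
}
```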
