Bug 1662986

Summary: Crash when listing available languages
Product: [Fedora] Fedora
Reporter: Milan Crha <mcrha>
Component: highlight
Assignee: Kevin Fenzi <kevin>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 28
CC: jochen, kevin, lxtnow, rosset.filipe
Hardware: Unspecified
OS: Unspecified
Fixed In Version: highlight-3.48-1
Last Closed: 2019-01-03 07:50:59 UTC
Type: Bug
Attachments: proposed patch (flags: none)

Description Milan Crha 2019-01-02 16:20:02 UTC
When invoking:

   $ highlight --list-scripts=langs

it crashes, with this information:

-----------------------------------------------------------------------------

/usr/include/c++/8/bits/stl_vector.h:932: std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = std::__cxx11::basic_string<char>; _Alloc = std::allocator<std::__cxx11::basic_string<char> >; std::vector<_Tp, _Alloc>::reference = std::__cxx11::basic_string<char>&; std::vector<_Tp, _Alloc>::size_type = long unsigned int]: Assertion '__builtin_expect(__n < this->size(), true)' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff6cd993f in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.28-28.el8.x86_64 libgcc-8.2.1-3.3.el8.x86_64 libstdc++-8.2.1-3.3.el8.x86_64 lua-libs-5.3.4-10.el8.x86_64 sssd-client-2.0.0-23.el8.x86_64
(gdb) bt
#0  0x00007ffff6cd993f in raise () from /lib64/libc.so.6
#1  0x00007ffff6cc3c95 in abort () from /lib64/libc.so.6
#2  0x00005555555caacd in std::__replacement_assert (
    __condition=0x555555614938 "__builtin_expect(__n < this->size(), true)", 
    __function=<synthetic pointer>, __line=932, 
    __file=0x5555556148f0 "/usr/include/c++/8/bits/stl_vector.h")
    at /usr/include/c++/8/x86_64-redhat-linux/bits/c++config.h:2391
#3  std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::operator[] (__n=<optimized out>, 
    this=0x7fffffffc9b0) at /usr/include/c++/8/bits/stl_vector.h:932
#4  Platform::getFileNames (directory="/usr/share/highlight/langDefs/", 
    wildcard="*.lang", 
    fileName=std::vector of length 220, capacity 256 = {...})
    at ./core/platform_fs.cpp:226
#5  0x00005555555cabb7 in Platform::getDirectoryEntries (
    fileList=std::vector of length 220, capacity 256 = {...}, 
    wildcard="*.lang", recursiveSearch=recursiveSearch@entry=true)
    at ./core/platform_fs.cpp:102
#6  0x000055555557eb9a in HLCmdLineApp::printInstalledLanguages (
    this=0x7fffffffd430) at /usr/include/c++/8/bits/basic_string.h:927
#7  0x0000555555580340 in HLCmdLineApp::run (this=0x7fffffffd430, 
    argc=<optimized out>, argv=<optimized out>) at ./cli/main.cpp:415
(gdb) f 5
#5  0x00005555555cabb7 in Platform::getDirectoryEntries (
    fileList=std::vector of length 220, capacity 256 = {...}, 
    wildcard="*.lang", recursiveSearch=recursiveSearch@entry=true)
    at ./core/platform_fs.cpp:102
102	        getFileNames ( directory_path, wildcard, fileList );
(gdb) f 4
#4  Platform::getFileNames (directory="/usr/share/highlight/langDefs/", 
    wildcard="*.lang", 
    fileName=std::vector of length 220, capacity 256 = {...})
    at ./core/platform_fs.cpp:226
226	        sort ( &fileName[firstEntry], &fileName[fileName.size() ] );

-----------------------------------------------------------------------------

Comment 1 Milan Crha 2019-01-02 16:21:47 UTC
Created attachment 1517969
proposed patch

Here's a proposed patch, which avoids the crash. The problem was that fileName[fileName.size() ] goes out of bounds, which triggers it.

Comment 2 Filipe Rosset 2019-01-02 17:00:29 UTC
Hi Milan, can you please update to 3.48?

https://bodhi.fedoraproject.org/updates/FEDORA-2018-2584a2c69a

Comment 3 Filipe Rosset 2019-01-02 17:03:26 UTC
ugh, is it Fedora or EL8?

Not sure about the EPEL8 repositories, maybe you can backport from F29 or rawhide.

Missing separate debuginfos, use: dnf debuginfo-install glibc-2.28-28.el8.x86_64 libgcc-8.2.1-3.3.el8.x86_64 libstdc++-8.2.1-3.3.el8.x86_64 lua-libs-5.3.4-10.el8.x86_64 sssd-client-2.0.0-23.el8.x86_64

Comment 4 Milan Crha 2019-01-03 07:45:58 UTC
This was supposed to be about Fedora 28. My fault, I didn't notice it's preselected to 29. This was filed as a result of a RHEL bug.

Comment 5 Milan Crha 2019-01-03 07:50:59 UTC
I can confirm that highlight-3.48-1.fc28.x86_64.rpm doesn't crash. The related source code change is:

    // sort the current entries for fileName
    // https://gitlab.com/saalen/highlight/issues/84
    // coredump with GLIBCXX_ASSERTIONS compiler option, use iterators if sort is needed
    //if ( firstEntry < fileName.size() )
    //    sort ( &fileName[firstEntry], &fileName[fileName.size() ] );
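
The out-of-bounds pattern from this report next to an iterator-based form, as an added example (it is neither highlight's code nor the attached patch). `sortNewEntries`, `collectSample` and the file names are constructed for illustration, and it assumes `firstEntry` marks where the most recently appended entries begin.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper: sorts the entries appended since firstEntry.
// The crashing form was:
//     sort ( &fileName[firstEntry], &fileName[fileName.size() ] );
// operator[] with n == size() fails the libstdc++ check (__n < this->size())
// when the build defines _GLIBCXX_ASSERTIONS, and with an empty tail
// &fileName[firstEntry] fails the same check.
// Returns the number of entries that were sorted.
std::size_t sortNewEntries(std::vector<std::string>& fileName,
                           std::size_t firstEntry) {
    if (firstEntry >= fileName.size())
        return 0;  // nothing was appended (also covers an empty vector)
    auto first = fileName.begin() + static_cast<std::ptrdiff_t>(firstEntry);
    std::sort(first, fileName.end());  // end() is a valid past-the-end iterator
    return static_cast<std::size_t>(fileName.end() - first);
}

// Constructed sample: three batches appended in turn, each sorted on its own.
std::vector<std::string> collectSample() {
    std::vector<std::string> fileName;
    const std::vector<std::vector<std::string>> batches = {
        {"perl.lang", "c.lang", "ada.lang"},
        {},  // an empty directory: firstEntry == size(), the edge case
        {"zsh.lang", "bash.lang"},
    };
    for (const auto& batch : batches) {
        const std::size_t firstEntry = fileName.size();
        fileName.insert(fileName.end(), batch.begin(), batch.end());
        sortNewEntries(fileName, firstEntry);
    }
    return fileName;
}

int main() {
    for (const auto& name : collectSample())
        std::cout << name << '\n';
}
```

Building with `-D_GLIBCXX_ASSERTIONS` keeps the libstdc++ bounds check active, so reintroducing the `&fileName[fileName.size()]` form aborts the same way as in the backtrace.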

Comment 6 Filipe Rosset 2019-01-03 14:01:47 UTC
great, thank you for the bug report, happy new year! :)