Description of problem:
A process of uim-module-manager stopped running due to a segfault. This does not seem to happen when it is built with -O0, but it does with -O1. However, building with -O0 and the various -f* options which are supposed to be enabled according to the wiki didn't help. Here is what I can see with gdb:

<mock-chroot> sh-4.4# LIBUIM_SYSTEM_SCM_FILES=/builddir/build/BUILD/uim-1.8.6/sigscheme/lib LIBUIM_SCM_FILES=/builddir/build/BUILD/uim-1.8.6/scm LIBUIM_PLUGIN_LIB_DIR=/builddir/build/BUILD/uim-1.8.6/uim/.libs UIM_DISABLE_NOTIFY=1 libtool --mode=execute gdb --args ./uim/uim-module-manager --path ../scm --register "anthy" "anthy-utf8" "canna" "skk" "tutcode" "byeoru" "latin" "elatin" "m17nlib" "xmload" "pyload" "viqr" "ipa-x-sampa" "look" "ajax-ime" "social-ime" "google-cgiapi-jp" "baidu-olime-jp" "yahoo-jp"
GNU gdb (GDB) Fedora 8.1-8.fc28
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /builddir/build/BUILD/uim-1.8.6/uim/.libs/lt-uim-module-manager...done.
(gdb) r
Starting program: /builddir/build/BUILD/uim-1.8.6/uim/.libs/lt-uim-module-manager --path ../scm --register anthy anthy-utf8 canna skk tutcode byeoru latin elatin m17nlib xmload pyload viqr ipa-x-sampa look ajax-ime social-ime google-cgiapi-jp baidu-olime-jp yahoo-jp
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.27-3.fc28.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Warning: Module anthy is already registered
Warning: Module anthy-utf8 is already registered
Warning: Module canna is already registered
Warning: Module skk is already registered
Warning: Module tutcode is already registered
Warning: Module byeoru is already registered
Warning: Module latin is already registered
Warning: Module elatin is already registered
Warning: Module xmload is already registered
Warning: Module pyload is already registered
Warning: Module viqr is already registered
Warning: Module ipa-x-sampa is already registered
Warning: Module look is already registered
Warning: Module ajax-ime is already registered
Warning: Module social-ime is already registered
Warning: Module google-cgiapi-jp is already registered
Warning: Module baidu-olime-jp is already registered
Warning: Module yahoo-jp is already registered

Program received signal SIGSEGV, Segmentation fault.
0x00007fffed41ad3e in mconv_rebind_buffer (converter=0x55555586a300, buf=buf@entry=0x7fffed83a040 <buffer_for_converter> "Input method for the Old Hungarian script\n\nCan be used on any keyboard layout which supports ASCII.\nThe accented modern Hungarian characters are typed in\nthe same way as in the latn-post.mim input met"..., n=n@entry=4096) at coding.c:4321
4321	coding.c: No such file or directory.
(gdb) p *converter
$1 = {lenient = -150968198, last_block = 32767, at_most = 4149771424, nchars = 32767, nbytes = 0, result = MCONVERSION_RESULT_SUCCESS, status = {ptr = 0x21, dbl = 1.6304166312761136e-322, c = "!\000\000\000\000\000\000\000py\000\367\377\177\000\000\240|X\367\377\177\000\000\000\000\000\000\000\000\000\000!\000\000\000\000\000\000\000zh\000\367\377\177\000\000\240|X\367\377\177\000\000\000\000\000\000\000\000\000\000!\000\000\000\000\000\000\000pinyin\000\000\240|X\367\377\177\000\000\000\000\000\000\000\000\000\000!\000\000\000\000\000\000\000zh\000\367\377\177\000\000\240|X\367\377\177\000\000\000\000\000\000\000\000\000\000!\000\000\000\000\000\000\000cangjie\000\240|X\367\377\177\000\000\000\000\000\000\000\000\000\000!\000\000\000\000\000\000\000zh\000\367\377\177\000\000\240|X\367\377\177\000\000\000\000\000\000\000\000\000\000\061\001", '\000' <repeats 18 times>...}, internal_info = 0x0}

converter->internal_info is somehow NULL, which is wrong.

(gdb) frame 1
#1  0x00007fffed637acc in convert_mtext2str (mtext=mtext@entry=0x5555558c4820) at m17nlib.c:235
235	  mconv_rebind_buffer(converter, (unsigned char *)buffer_for_converter,
(gdb) watch converter
Hardware watchpoint 1: converter

Try again to see:

(gdb) r
...
Hardware watchpoint 1: converter

Old value = (MConverter *) 0x0
New value = (MConverter *) 0x55555586a3e0
init_m17nlib () at m17nlib.c:224
224	  if (!converter)

Okay, initialized here, and:

(gdb) c
Continuing.

Hardware watchpoint 1: converter

Old value = (MConverter *) 0x55555586a3e0
New value = (MConverter *) 0x55555586a300
convert_mtext2str (mtext=mtext@entry=0x5555558aa4f0) at m17nlib.c:240
240	  return uim_strdup(buffer_for_converter);

Wait, this looks weird to me. There is no code to reassign the converter pointer here, and this does not seem to happen if m17nlib.c, which may cause this, is built with -O0. I don't know what's wrong. I would appreciate it if you can help me address this issue.
Version-Release number of selected component (if applicable):
gcc-8.0.1-0.14.fc28.x86_64

How reproducible:
always

Steps to Reproduce:
1. mock -r fedora-rawhide-x86_64 uim-1.8.6-16.fc28.src.rpm
2.
3.

Actual results:
Build fails.

Expected results:
Build should finish successfully.

Additional info:
This worked on f27 and no changes have been made in uim since f27.
There is nothing weird on it, you overflow a buffer. Before filing bugs, try building your package with -fsanitize=address and/or -fsanitize=undefined.

static MConverter *converter;
static char buffer_for_converter[4096];  /* Currently, if preedit strings or candidate strings over this buffer size, they will simply ignore. */
...
static char *
convert_mtext2str(MText *mtext)
{
  mconv_rebind_buffer(converter, (unsigned char *)buffer_for_converter,
                      sizeof(buffer_for_converter));
  mconv_encode(converter, mtext);
  buffer_for_converter[converter->nbytes] = 0;

  return uim_strdup(buffer_for_converter);
}

So, you first call mconv_rebind_buffer, which sets internal->bufsize to 4096, then try to encode something. If it is really long, it will encode at most that bufsize characters and set converter->nbytes to 4096. Then in buffer_for_converter[converter->nbytes] = 0; you overflow the buffer, and because the converter pointer happens to be adjacent with -O2, right after it, you overwrite the least significant byte of it. I guess either you need to pass sizeof(buffer_for_converter)-1 to mconv_rebind_buffer, so that there is a place for the terminating '\0', or that plus bump the buffer_for_converter size to 4096+1.
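The off-by-one explained above, as an added stand-alone model (not uim's or m17n's own code): MConverter, mconv_rebind_buffer and mconv_encode below are constructed stand-ins that reproduce only the one property that matters here, namely that encoding stops at the bound passed to mconv_rebind_buffer and reports it in nbytes without appending a terminator. terminator_index() computes where the buffer_for_converter[converter->nbytes] = 0 store lands for the original bound (sizeof(buffer), index 4096, one past the end) versus the suggested bound (sizeof(buffer) - 1), and convert_text_fixed() is the corrected function with that bound applied, so the terminator always stays inside the array.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define BUF_SIZE 4096   /* same size as uim's buffer_for_converter */

/* Constructed stand-in for m17n's MConverter, carrying only the fields this
 * scenario needs; the library's internal->bufsize is modelled as a plain
 * member. Not the real structure. */
typedef struct {
    unsigned char *buf;
    size_t bufsize;
    size_t nbytes;
} MConverter;

/* Stand-in for mconv_rebind_buffer(): remember the buffer and its bound. */
static void mconv_rebind_buffer(MConverter *c, unsigned char *buf, size_t n)
{
    c->buf = buf;
    c->bufsize = n;
    c->nbytes = 0;
}

/* Stand-in for mconv_encode(): write at most bufsize bytes and report how
 * many were written in nbytes. Like the real converter, it appends no '\0'. */
static void mconv_encode(MConverter *c, const char *text, size_t len)
{
    size_t n = len < c->bufsize ? len : c->bufsize;
    memcpy(c->buf, text, n);
    c->nbytes = n;
}

/* Index at which buffer_for_converter[converter->nbytes] = 0 lands for a
 * text of text_len bytes after rebinding with `bound`. Computed rather than
 * written, so the buggy bound can be examined without corrupting memory:
 * with bound == BUF_SIZE and a long text the index is BUF_SIZE itself. */
size_t terminator_index(size_t bound, size_t text_len)
{
    return text_len < bound ? text_len : bound;
}

static char buffer_for_converter[BUF_SIZE];

/* Corrected form of convert_mtext2str(): binding sizeof(buffer) - 1 reserves
 * the last byte for the terminator, so nbytes <= BUF_SIZE - 1 and the store
 * below stays in bounds. Returns a malloc'd copy the caller frees. */
char *convert_text_fixed(MConverter *converter, const char *text, size_t len)
{
    mconv_rebind_buffer(converter, (unsigned char *)buffer_for_converter,
                        sizeof(buffer_for_converter) - 1);
    mconv_encode(converter, text, len);
    buffer_for_converter[converter->nbytes] = 0;   /* index <= BUF_SIZE - 1 */
    char *copy = malloc(converter->nbytes + 1);
    if (copy)
        memcpy(copy, buffer_for_converter, converter->nbytes + 1);
    return copy;
}

/* Length of the string produced for a constructed text of text_len 'A's.
 * Long inputs are truncated to BUF_SIZE - 1, which is the behaviour the
 * comment in the original code already accepts. */
size_t converted_length(size_t text_len)
{
    MConverter converter = {0};
    char *text = malloc(text_len);
    if (!text)
        return (size_t)-1;
    memset(text, 'A', text_len);
    char *out = convert_text_fixed(&converter, text, text_len);
    size_t n = out ? strlen(out) : (size_t)-1;
    free(out);
    free(text);
    return n;
}

int main(void)
{
    printf("bound %d (original): terminator index %zu for a 5000-byte text, "
           "buffer size %d\n", BUF_SIZE, terminator_index(BUF_SIZE, 5000), BUF_SIZE);
    printf("bound %d (fixed):    terminator index %zu\n",
           BUF_SIZE - 1, terminator_index(BUF_SIZE - 1, 5000));
    printf("converted length for a 5000-byte text: %zu\n", converted_length(5000));
    return 0;
}
```

The one-byte overrun only became visible here because the linker placed the converter pointer right after the array at -O2; with a different layout the same store would silently clobber whatever else follows, which is why -fsanitize=address, as suggested above, is the reliable way to surface it regardless of layout.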
(In reply to Akira TAGOH from comment #0)
> A process of uim-module-manager stopped running due to segfault. this seems
> not happens when it is built against -O0 but -O1. however building with -O0
> and various -f* options which is supposed to be enabled according to the
> wiki didn't help.

That's expected, read https://gcc.gnu.org/wiki/FAQ#optimization-options
If you use -O0 then no optimization happens, it doesn't matter if you use -f* options, -O0 means **NO** optimization. None.
(In reply to Jakub Jelinek from comment #1)
> Guess either you need to pass sizeof(buffer_for_converter)-1 to
> mconv_rebind_buffer, so that there is a place for the terminating '\0', or
> that plus bump buffer_for_converter size to 4096+1.

Indeed it is. You're right. Thanks for the explanation and suggestion.
uim-1.8.6-17.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2eacef32de
uim-1.8.6-17.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0209bafc31
uim-1.8.6-17.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0209bafc31
uim-1.8.6-17.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2eacef32de
uim-1.8.6-17.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
uim-1.8.6-17.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.