Description of problem: I was demonstrating espeak to my older children when my 2-year old said, "I push a button, too!" and smacked the keyboard. This output then appeared on my terminal: *** stack smashing detected ***: /usr/bin/espeak terminated It took me some time to figure out how he did it, but I can now reproduce the crash at will. Enter 33 forward slashes (/) and press return. 32 won't crash it, but 33 will. The core file is useless, due to the smashed stack. However, triggering the crash in gdb gives this backtrace: #0 0x0032a402 in __kernel_vsyscall () #1 0x00673d40 in raise () from /lib/libc.so.6 #2 0x00675591 in abort () from /lib/libc.so.6 #3 0x006a933b in __libc_message () from /lib/libc.so.6 #4 0x0072da71 in __stack_chk_fail () from /lib/libc.so.6 #5 0x001203e4 in __stack_chk_fail_local () from /usr/lib/libespeak.so.1 #6 0x0011599a in Translator::TranslateWord (this=0x8b88130, word1=0xb738208b '/' <repeats 33 times>, " ", next_pause=8, wtab=0xb73815ba) at translate.cpp:1460 #7 0x001161cb in Translator::TranslateWord2 (this=0x8b88130, word=0xb738208b '/' <repeats 33 times>, " ", wtab=0xb73815ba, pre_pause=0, next_pause=8) at translate.cpp:1571 #8 0x00117084 in Translator::TranslateClause (this=0x8b88130, f_text=0x0, vp_input=0x8b9d428, tone_out=0xb738231c, voice_change=0xb7382318) at translate.cpp:2459 #9 0x00113548 in SpeakNextClause (f_in=0x0, text_in=0x8b9d428, control=0) at synthesize.cpp:1431 #10 0x001043c9 in Synthesize (unique_identifier=<value optimized out>, text=0x8b9d428, flags=11726) at speak_lib.cpp:331 #11 0x0011de82 in process_espeak_command (the_command=0x2dce) at espeak_command.cpp:543 #12 0x0011f978 in say_thread () at fifo.cpp:446 #13 0x007be3db in start_thread () from /lib/libpthread.so.0 #14 0x0071826e in clone () from /lib/libc.so.6 Version-Release number of selected component (if applicable): espeak-1.18-2.fc6 How reproducible: Always. Steps to Reproduce: 1. Start espeak 2. Enter 33 forward slashes (/) 3. Press ENTER Actual results: Glibc reports a stack smash attack and aborts espeak. Expected results: Espeak should say "stroke" 33 times. Additional info:
Haha, there's just *no-one* like a 2-year old to stress-test a system. :-) Thanks for reporting this. As an update, I've verified this bug happens with the '&', '@', ':' and '\' characters as well (only 21 chars needed when using '\'). Will look into this as well as report it to upstream.
Bug submitted to upstream, available here: http://sourceforge.net/tracker/index.php?func=detail&aid=1652239&group_id=159649&atid=812675 In the meantime, I'm submitting espeak version 1.19 to the repository (this does not yet solve this bug, but includes some other refinements). New bug status: Version-Release number of affected components: espeak-1.18-2 espeak-1.19-1
Ok, upstream has acknowledged and fixed this bug; it will be rectified in the next version, espeak 1.20 (to be released around 7 Feb); I will package this as soon as it's available. Until then I'm leaving this bug open...
Great. Thanks for your quick response. My 2-year-old also thanks you. :-)
espeak-1.20-1 built and tested; the problem has been solved. Closing bug.