bug-gnu-pspp

PSPP-BUG: [bug #31346] Segmentation fault in ascii driver


From: Ben Pfaff
Subject: PSPP-BUG: [bug #31346] Segmentation fault in ascii driver
Date: Fri, 22 Oct 2010 04:28:37 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.10) Gecko/20100623 Iceweasel/3.5.10 (like Firefox/3.5.10)

Follow-up Comment #1, bug #31346 (project pspp):

valgrind shows that the ascii driver is writing beyond the end of the page
(792 bytes divided by 12 bytes per struct ascii_line is 66):


==28358== Invalid read of size 4
==28358==    at 0x4893E73: ascii_expand_line (ascii.c:669)
==28358==    by 0x4893C4C: ascii_draw_line (ascii.c:605)
==28358==    by 0x489A1FC: render_page_draw_cells (render.c:870)
==28358==    by 0x489A562: render_page_draw (render.c:952)
==28358==    by 0x48937C0: ascii_output_table_item (ascii.c:459)
==28358==    by 0x4893912: ascii_submit (ascii.c:490)
==28358==    by 0x48960E7: output_submit__ (driver.c:102)
==28358==    by 0x489CF4C: table_item_submit (table-item.c:78)
==28358==    by 0x489BC4B: tab_submit (tab.c:630)
==28358==    by 0x48341F0: do_summary_box (npar-summary.c:173)
==28358==    by 0x4833BF0: cmd_npar_tests (npar.c:385)
==28358==    by 0x480CCFF: cmd_parse_in_state (command.c:219)
==28358==    by 0x480D367: cmd_parse (command.c:150)
==28358==    by 0x804A4F0: main (main.c:139)
==28358==  Address 0x8c3d26c is 4 bytes after a block of size 792 alloc'd
==28358==    at 0x47EBF50: malloc (vg_replace_malloc.c:236)
==28358==    by 0x47EBFDA: realloc (vg_replace_malloc.c:525)
==28358==    by 0x49351C8: xrealloc (xmalloc.c:57)
==28358==    by 0x48929FC: xnrealloc (xalloc.h:137)
==28358==    by 0x489446A: ascii_open_page (ascii.c:818)
==28358==    by 0x48935E0: ascii_output_table_item (ascii.c:414)
==28358==    by 0x489388F: ascii_output_text (ascii.c:474)
==28358==    by 0x4893AE6: ascii_submit (ascii.c:544)
==28358==    by 0x48960E7: output_submit__ (driver.c:102)
==28358==    by 0x4896194: output_submit (driver.c:138)
==28358==    by 0x489E8BC: text_item_submit (text-item.c:88)
==28358==    by 0x480CA6F: cmd_parse_in_state (command.c:192)
==28358==    by 0x480D367: cmd_parse (command.c:150)
==28358==    by 0x804A4F0: main (main.c:139)


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?31346>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
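
Added example (not part of the message above or of PSPP's code): a small triage helper that turns a memcheck heap error into an array index and field offset, generalized to the "before", "inside" and "after" forms of the Address line. The element size of 12 is taken from the message; the function name triage and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the memcheck lines from the report above that matter for triage.
SAMPLE = """\
==28358== Invalid read of size 4
==28358==    at 0x4893E73: ascii_expand_line (ascii.c:669)
==28358==  Address 0x8c3d26c is 4 bytes after a block of size 792 alloc'd
==28358==    at 0x47EBF50: malloc (vg_replace_malloc.c:236)
"""

ACCESS_RE = re.compile(r"Invalid (read|write) of size (\d+)")
ADDR_RE = re.compile(r"Address 0x[0-9A-Fa-f]+ is (\d+) bytes (before|inside|after) "
                     r"a block of size (\d+) (alloc'd|free'd)")
FRAME_RE = re.compile(r"at 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")


def triage(report, elem_size):
    """Express a memcheck heap error as an array index and field offset.

    elem_size is supplied by the caller: sizeof the element the block holds
    (12 for struct ascii_line, per the message above).
    """
    access, addr = ACCESS_RE.search(report), ADDR_RE.search(report)
    if not access or not addr:
        raise ValueError("no invalid heap access in report")
    dist, where, block = int(addr[1]), addr[2], int(addr[3])
    if block % elem_size:
        raise ValueError("block size is not a multiple of elem_size")
    # memcheck counts "after" from the end of the block and "before" from its start.
    offset = {"inside": dist, "after": block + dist, "before": -dist}[where]
    index, field_offset = divmod(offset, elem_size)
    frame = FRAME_RE.search(report, access.end())  # innermost frame of the access
    count = block // elem_size
    return {
        "kind": access[1],
        "access_size": int(access[2]),
        "function": frame[1] if frame else None,
        "location": frame[2] if frame else None,
        "elements": count,
        "index": index,
        "field_offset": field_offset,
        "out_of_bounds": not 0 <= index < count,
        "freed": addr[4] == "free'd",
    }


if __name__ == "__main__":
    print(triage(SAMPLE, 12))
```

For the report above this gives 66 elements and an access at index 66, field offset 4, in ascii_expand_line (ascii.c:669), which is one element past the end of the block.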



