reproducible seg fault in 'aspell' when using 'eo_XX.UTF-8' locale

Can you please attach a full backtrace including debugging symbols please follow the link im gonna give you to get the debugging symbols for the backtrace.
https://wiki.ubuntu.com/DebuggingProgramCrash

> Can you please attach a full backtrace including debugging
> symbols please follow the link im gonna give you to get the
> debugging symbols for the backtrace.
> https://wiki.ubuntu.com/DebuggingProgramCrash

The instructions for obtaining a backtrace with symbols at
that URL are for Edgy, but I'm still running Dapper. I tried
to replace...

  deb http://people.ubuntu.com/~pitti/ddebs edgy main universe

... into...

  deb http://people.ubuntu.com/~pitti/ddebs dapper main universe

... but get errors when running 'sudo apt-get update':

  Failed to fetch http://people.ubuntu.com/~pitti/ddebs/dists/dapper/main/binary-i386/Packages.gz 404 Not Found
  Failed to fetch http://people.ubuntu.com/~pitti/ddebs/dists/dapper/universe/binary-i386/Packages.gz 404 Not Found

Is there another repository (for dapper) to get packages built with debug symbols?

no i dont think there is a repo for dapper im afraid. can you get a full backtrace adn we will start from there. Thank you for you fast response.

I also tried to build aspell from the sources using
information at https://wiki.ubuntu.com/DebuggingProgramCrash (in section "Old notes").

1) first of all, something is missing in the instruction.
    User should run 'sudo apt-get install fakeroot' after
    'sudo apt-get install devscripts'

2) then, when running...

   export DEB_BUILD_OPTIONS="debug nostrip noopt"
   fakeroot apt-get source -b aspell

... it builds, but at then end, it fails with the following error:

  dh_installchangelogs -plibaspell-dev manual/aspell.html/ChangeLog.html
  dh_install -plibaspell-dev --sourcedir=debian/tmp
  cp: cannot stat `debian/tmp//usr/lib/libaspell.so': No such file or directory
  dh_install: command returned error code 256
  make: *** [binary-install/libaspell-dev] Error 1
  Build command 'cd aspell-0.60.4 && dpkg-buildpackage -b -uc' failed.
  E: Child process failed

libaspell.so does not exist in debian/tmp//usr/lib/libaspell.so,
but static lib libaspell.a does exist.

So in the end, I still don't have a stack trace yet with debug symbols.

The stack trace I gave in the bug description the complete
stack trace I get with gdb (without symbos unfortunately).

I also run with valgrind memory check, and got the following
output:

$ export LC_ALL=eo_XX.UTF-8 ; echo -n | valgrind --tool=memcheck --leak-check=yes --track-fds=yes --num-callers=20 aspell list
==1444== Memcheck, a memory error detector.
==1444== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==1444== Using LibVEX rev 1471, a library for dynamic binary translation.
==1444== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==1444== Using valgrind-3.1.0-Debian, a dynamic binary instrumentation framework.
==1444== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==1444== For more details, rerun with: -v
==1444==
==1444== Invalid read of size 1
==1444== at 0x407551F: acommon::DecodeUtf8::decode(char const*, int, acommon::FilterCharVector&) const (in /usr/lib/libaspell.so.15.1.4)
==1444== by 0x407B387: acommon::DocumentChecker::process(char const*, int) (in /usr/lib/libaspell.so.15.1.4)==1444== by 0x806CC4C: (within /usr/bin/aspell)
==1444== by 0x8052754: (within /usr/bin/aspell)
==1444== by 0x8063269: (within /usr/bin/aspell)
==1444== by 0x4246EA1: __libc_start_main (in /lib/tls/i686/cmov/libc-2.3.6.so)
==1444== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==1444==
==1444== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==1444== Access not within mapped region at address 0x0
==1444== at 0x407551F: acommon::DecodeUtf8::decode(char const*, int, acommon::FilterCharVector&) const (in /usr/lib/libaspell.so.15.1.4)
==1444== by 0x407B387: acommon::DocumentChecker::process(char const*, int) (in /usr/lib/libaspell.so.15.1.4)==1444== by 0x806CC4C: (within /usr/bin/aspell)
==1444== by 0x8052754: (within /usr/bin/aspell)
==1444== by 0x8063269: (within /usr/bin/aspell)
==1444== by 0x4246EA1: __libc_start_main (in /lib/tls/i686/cmov/libc-2.3.6.so)
==1444==
==1444== FILE DESCRIPTORS: 3 open at exit.
==1444== Open file descriptor 2: /dev/pts/0
==1444== <inherited from parent>
==1444=...

This bug is still present in Feisty Fawn

I am unable to reproduce this under Gutsy.

Unlike previous comment from Joey, I can reproduce this problem in Gutsy (Ubuntu-7.10):

pel@pel-laptop:~$ export LC_ALL=eo_XX.UTF-8 ; echo -n | aspell list
Segmentation fault (core dumped)

I can reproduce this in Gutsy with

  LC_ALL=en_GB.UTF-8 aspell list < /dev/null

The error does not occur with LC_ALL=C.

Here's the stack trace obtained after installing aspell-dbgsym and libaspell5-dbgsym. It would appear that acommon::DecodeUtf8::decode doesn't like in to be NULL, even when size == 0:

$ gdb --args aspell list
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) run
Starting program: /usr/bin/aspell list
^D
Program received signal SIGSEGV, Segmentation fault.
acommon::DecodeUtf8::decode (this=0x8097fe8, in=0x0, size=0, out=@0x80dbd04)
    at common/convert.cpp:817
817 common/convert.cpp: No such file or directory.
        in common/convert.cpp
(gdb) bt
#0 acommon::DecodeUtf8::decode (this=0x8097fe8, in=0x0, size=0,
    out=@0x80dbd04) at common/convert.cpp:817
#1 0xb7f05950 in acommon::DocumentChecker::process (this=0x80dbcd8, str=0x0,
    size=0) at common/convert.hpp:142
#2 0x0806b5e0 in CheckerString (this=0x80dc460, speller=0x80778b8,
    in=0xb7d3a440, out=0x0, num_lines=64) at prog/checker_string.cpp:59
#3 0x08054649 in list () at prog/aspell.cpp:1285
#4 0x08061bb5 in main (argc=2, argv=0xbf9d6074) at prog/aspell.cpp:411
#5 0xb7c0a050 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#6 0x0804d871 in _start ()
(gdb)

I just installed Ubuntu-8.04 (Hardy Heron), and aspell still crashes with:

$ export LC_ALL=en_GB.UTF-8 ; echo -n | aspell list
Segmentation fault

Is this symptom still reproducible in 8.10 alpha?

This is still reproducible in Ubuntu-8.10 Intrepid Ibex.

$ LC_ALL=en_GB.UTF-8 aspell list < /dev/null
Segmentation fault (core dumped)

The same happens with "LC_ALL=en_GB.UTF-8 aspell check somedir" where somedir is an existing directory.

I'm still seeing this issue in Ubuntu-9.10 (Karmic Koala).

Very easy to reproduce:

~$ LC_ALL=en_GB.UTF-8 aspell list < /dev/null
Segmentation fault

Still in lucid, aspell version 0.60.6-3ubuntu1

$ LC_ALL=en_GB.UTF-8 aspell list < /dev/null
Segmentation fault

This bug is still present in Ubuntu-10.04. It is trivial to reproduce:

pel@pel-laptop:~$ cat /etc/issue
Ubuntu 10.04 LTS \n \l

pel@pel-laptop:~$ LC_ALL=en_GB.UTF-8 aspell list < /dev/null
Segmentation fault (core dumped)

This is fixed in Debian's aspell packages version 0.60.6-6 and later.

Setting to confirmed as many have seen the problem and I can easily reproduce on 10.10. (Leaving the bug as New caused me to look at it to see if I could help confirm it.)