cuneiform crash due to buffer overflow
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
cuneiform (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
Binary package hint: cuneiform
Valgrind stack trace:
**30430** *** memcpy_chk: buffer overflow detected ***: program terminated
==30430== at 0x4C29F83: VALGRIND_
==30430== by 0x4C2A09D: __memcpy_chk (mc_replace_
==30430== by 0xA3E395B: MoveUpDownBitmap2 (string3.h:52)
==30430== by 0xA3E4169: Razmaz2 (p2_thick.c:316)
==30430== by 0xA3D1E46: FONRecog2Glue (dist_bou.c:1923)
==30430== by 0x98FF252: RerecogInRect (p2_proc.c:1921)
==30430== by 0x98FF431: GlueRerecog (p2_proc.c:2007)
==30430== by 0x9902A02: p2_processWord (p2_proc.c:574)
==30430== by 0x99036F9: p2_proc (p2_proc.c:1307)
==30430== by 0x91CC8C0: pass3 (pass3.c:776)
==30430== by 0x91DEC43: RSTRRecognizeMain (rcm.c:1692)
==30430== by 0x91DF888: RSTRRecognize (rcm.c:1374)
gdb stack trace:
(gdb) bt
#0 0x00007ffff70c6a75 in raise (sig=<value optimized out>) at ../nptl/
#1 0x00007ffff70ca5c0 in abort () at abort.c:92
#2 0x00007ffff71004fb in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/
#3 0x00007ffff7192217 in __fortify_fail (msg=0x7ffff71dbe6d "buffer overflow detected") at fortify_fail.c:32
#4 0x00007ffff71910d0 in __chk_fail () at chk_fail.c:29
#5 0x00007ffff261f95c in memcpy (xbyte=<value optimized out>, yrow=<value optimized out>, bDest=0x7ffff28
at /usr/include/
#6 MoveUpDownBitmap2 (xbyte=<value optimized out>, yrow=<value optimized out>, bDest=0x7ffff28
at /home/alexeyn/
#7 0x00007ffff262016a in Razmaz2 (bSource=<value optimized out>, bDest=<value optimized out>, xbit=<value optimized out>, yrow=58,
porogX=<value optimized out>, porogY=<value optimized out>)
at /home/alexeyn/
#8 0x00007ffff260de47 in FONRecog2Glue (firLeo=0xc6cc30, lasLeo=<value optimized out>, firOut=0xf91a60, lasOut=<value optimized out>,
lang=<value optimized out>, porog=240, nNaklon=-15, countRazmaz=10)
at /home/alexeyn/
#9 0x00007ffff3105253 in RerecogInRect (rect=<value optimized out>, lineRaw=<value optimized out>, firstNew=0x78d6, lastNew=0x78d6, lang=3)
at /home/alexeyn/
#10 0x00007ffff3105432 in GlueRerecog (first=<value optimized out>, last=0xf91380, lineRaw=<value optimized out>, boAll=<value optimized out>)
at /home/alexeyn/
#11 0x00007ffff310899b in p2_processWord (lineRaw=<value optimized out>, lineFon=0xf911f0, firOld=
fontinfo=<value optimized out>, useSpell=<value optimized out>)
at /home/alexeyn/
#12 0x00007ffff31096fa in p2_proc (lineRaw=<value optimized out>, lineOne=0xc506d0, p2glob=
at /home/alexeyn/
#13 0x00007ffff37e28c1 in pass3 (ln=0xc6c980, lout=0xc506d0)
at /home/alexeyn/
#14 0x00007ffff37f4c44 in RSTRRecognizeMain (lin=<value optimized out>, lino=0xc506d0)
at /home/alexeyn/
#15 0x00007ffff37f5889 in RSTRRecognize (lin=0x78d6, lino=0x78d6)
at /home/alexeyn/
#16 0x00007ffff7bc2efe in RecognizeString
#17 Recognize () at /home/alexeyn/
#18 0x00007ffff7bc4491 in PUMA_XFinalReco
#19 0x0000000000402ef3 in main (argc=6, argv=<value optimized out>)
at /home/alexeyn/
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: cuneiform 0.7.0+dfsg-
ProcVersionSign
Uname: Linux 2.6.32-27-generic x86_64
Architecture: amd64
Date: Mon Jan 10 16:48:51 2011
SourcePackage: cuneiform
Status changed to 'Confirmed' because the bug affects multiple users.