divvun / libdivvun

lib for running gramcheck and other pipelines + cli; modules for CG→spelling, CG→feedback, tagging blanks
https://giellalt.github.io/proof/gramcheck/GrammarCheckerDocumentation.html
GNU General Public License v3.0

divvun-checker crashes on specific input #57

Closed albbas closed 1 year ago

albbas commented 1 year ago

echo Markens Grø d Markens” j ¶|divvun-checker -a smj.zcheck causes a crash.

The result on an Intel Mac is:

{"errs":[["Grø",8,11,"typo","Báhko \"Grø\" vuojnnu boasstot tjáleduvvam.",["Gro","Ärø","Årø","Ærø","Gry","Grøa"],"\"Grø\" vuojnnu boasstot tjáleduvvam"],["Markens",14,21,"typo","Báhko \"Markens\" vuojnnu boasstot tjáleduvvam.",["Marken","Martens","Markena","Markenis","Márens","Markajs","Markas","Markan","Mareno","Maiken"],"\"Markens\" vuojnnu boasstot tjáleduvvam"]],"text":"Markens Grø d Markens” j ¶"}
divvun-checker(73526,0x7ff854213680) malloc: *** error for object 0x60000af25ca0: pointer being freed was not allocated
divvun-checker(73526,0x7ff854213680) malloc: *** set a breakpoint in malloc_error_break to debug

divvun-checker --version: 0.3.10

smj.zcheck is a few-days-old build of the grammar checker.

albbas commented 1 year ago

The result on Ubuntu Linux is:

{"errs":[["Grø",8,11,"typo","Báhko \"Grø\" vuojnnu boasstot tjáleduvvam.",["Gro","Gry","Grøa","Ärø","Årø","Ærø"],"\"Grø\" vuojnnu boasstot tjáleduvvam"],["Markens",14,21,"typo","Báhko \"Markens\" vuojnnu boasstot tjáleduvvam.",["Marken","Markena","Markenis","Martens","Márens","Markajs","Markan","Markas","Mareno","Malkenes"],"\"Markens\" vuojnnu boasstot tjáleduvvam"]],"text":"Markens Grø d Markens” j ¶"}
double free or corruption (!prev)
Aborted

albbas commented 1 year ago

The original sentence that causes the crash is: Juo åvddåla gå tjállegåhtiv dáv sierrabargov, de juo diehtiv riek ålov Hamsuna birra. Mån juo låhkiv ”Markens Grødev” gå váddsiv nuorrajskåvlån, ja dáv giessev guoldaliv ”Markens grøde” jiednagirjev. Muv foalgge l aj årrum Hábmelin gånnå Hamsun aj åroj, ja dan diehti li sij adtnám dáhkamuhájt Hamsunijn.

albbas commented 1 year ago

Another sentence, different error message:

echo Sámegiela båhti ienep vuojnnusij almulasjvuodan, nav dagu rahtegalbajn moadda sáme guovlojn. Boahttejage máhttep ihkap vat mannagoahtet ienebut, ja de bessap vuojnnet sáme galbajt rijkarájájn ja girddesaljojn nuorttan, ja ådå pássajn jali ID-kårtåjn sjaddá aj sáme tæksta. Sámegiella vuojttá ådå arienájt, Giellavahko oattjoj Lemet Máhtte Eira Sara Giellalåpptim-bálkáv jårggålimes Minecraft Sámegiellaj. Dálla galggi nuora oahppa háledit dråvnåj – sámegiellaj! ¶ | divvun-checker -a smj.zcheck

munmap_chunk(): invalid pointer
Aborted

unhammer commented 1 year ago

$ cflags="-ggdb3 -DUSE_ICU_UNICODE=1 -O0"
$ ./configure --enable-checker  CFLAGS="$cflags" CXXFLAGS="$cflags" LDFLAGS="-ggdb3"

$ make -j 

$ echo 'Markens Grø d Markens” j ¶' >input.txt

$ printf "set pagination off\nrun -a /usr/share/voikko/4/smj.zcheck < input.txt\nthread apply all backtrace \nquit\n" | libtool --mode=execute gdb -- src/divvun-checker

[…noise…]

Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
{"errs":[["Grø",8,11,"typo","Báhko \"Grø\" vuojnnu boasstot tjáleduvvam.",["Gro","Gry","Grøa","Ärø","Årø","Ærø"],"\"Grø\" vuojnnu boasstot tjáleduvvam"],["Markens",14,21,"typo","Báhko \"Markens\" vuojnnu boasstot tjáleduvvam.",["Marken","Markenis","Martens","Márens","Markan","Markas","Mareno","Malkenes"],"\"Markens\" vuojnnu boasstot tjáleduvvam"]],"text":"Markens Grø d Markens” j ¶"}
double free or corruption (!prev)

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737270254080) at ./nptl/pthread_kill.c:44
44      ./nptl/pthread_kill.c: No such file or directory.
(gdb)
Thread 1 (Thread 0x7ffff3000a00 (LWP 1863424) "divvun-checker"):
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737270254080) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737270254080) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737270254080, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff79b2476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff79987f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00007ffff79f96f6 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7b4bb8c "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#6  0x00007ffff7a10d7c in malloc_printerr (str=str@entry=0x7ffff7b4e7d0 "double free or corruption (!prev)") at ./malloc/malloc.c:5664
#7  0x00007ffff7a12efc in _int_free (av=0x7ffff7b89c80 <main_arena>, p=0x55555657e530, have_lock=<optimized out>) at ./malloc/malloc.c:4591
#8  0x00007ffff7a154d3 in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3391
#9  0x00007ffff790d3b0 in CG3::Reading::~Reading() () from /lib/x86_64-linux-gnu/libcg3.so.1
#10 0x00007ffff790e200 in ?? () from /lib/x86_64-linux-gnu/libcg3.so.1
#11 0x00007ffff79b5a56 in __cxa_finalize (d=0x7ffff796f568) at ./stdlib/cxa_finalize.c:83
#12 0x00007ffff78af8a7 in ?? () from /lib/x86_64-linux-gnu/libcg3.so.1
#13 0x00007fffffffd610 in ?? ()
#14 0x00007ffff7fc924e in _dl_fini () at ./elf/dl-fini.c:142
Backtrace stopped: frame did not save the PC

Seems to be happening in libcg3?

unhammer commented 1 year ago

@TinoDidriksen @mr-martian maybe related to last week's changes?

TinoDidriksen commented 1 year ago

Nightly packages are now built with the workaround. Valgrind has no complaints.

No clue what object is held in multiple places to cause the double free, but these types are now insulated from being freed twice.
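
The backtrace in this thread shows the abort inside a destructor during exit-time teardown, with the same object apparently reachable from more than one owner. As an added example (not part of the thread, not code from libcg3 or libdivvun, and not the actual workaround), this is one way a type can be insulated from being freed twice; `Reading`, `ReadingPool` and `Holder` are hypothetical names chosen for illustration.

```cpp
// Added example with hypothetical types; not CG3's real classes or its fix.
#include <cstddef>
#include <unordered_set>
#include <vector>

struct Reading { int id; };

// The pool is the only code that calls delete, and it tracks what is live.
class ReadingPool {
    std::unordered_set<Reading*> live_;
    std::size_t ignored_ = 0;  // repeat or foreign frees that were refused
public:
    Reading* make(int id) {
        return *live_.insert(new Reading{id}).first;
    }
    // Frees r once; a repeat (or unknown) pointer is counted and skipped.
    bool release(Reading* r) {
        if (live_.erase(r) == 0) { ++ignored_; return false; }
        delete r;
        return true;
    }
    std::size_t live() const { return live_.size(); }
    std::size_t ignored() const { return ignored_; }
    ~ReadingPool() { for (Reading* r : live_) delete r; }
};

// A holder that believes it owns everything it references.
struct Holder {
    ReadingPool& pool;
    std::vector<Reading*> items;
    explicit Holder(ReadingPool& p) : pool(p) {}
    ~Holder() { for (Reading* r : items) pool.release(r); }
};

// Two holders end up with the same Reading; both destructors try to free it.
std::size_t shared_teardown(ReadingPool& pool) {
    Holder a(pool), b(pool);
    Reading* shared = pool.make(1);
    a.items.push_back(shared);
    b.items.push_back(shared);        // aliasing that would be a double free
    b.items.push_back(pool.make(2));
    return pool.live();               // evaluated before a and b are destroyed
}

int main() {
    ReadingPool pool;
    shared_teardown(pool);
    return pool.ignored() == 1 ? 0 : 1;  // exactly one repeat free was refused
}
```

A guard like this only stops the allocator abort: a stale pointer can still match a later allocation that reuses the same address, so the shared ownership itself still has to be found, and the `ignored()` counter is the signal to log while looking for it.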