espeak-ng / espeak-ng

eSpeak NG is an open source speech synthesizer that supports more than hundred languages and accents.
GNU General Public License v3.0

espeak-ng segmentation fault (core dumped) #1073

Closed alex19EP closed 2 years ago

alex19EP commented 2 years ago

how to reproduce

run:

espeak-ng -v ru+max -s 449 -m "<speak>  <mark name=\"26:34\"/>PKGBUILD <mark name=\"35:36\"/>  <mark name=\"37:38\"/>4 <mark name=\"39:43\"/> плюс  плюс     <mark name=\"45:46\"/>1 <mark name=\"47:51\"/>file <mark name=\"52:60\"/>changed, <mark name=\"61:62\"/>2 <mark name=\"63:77\"/>insertions( плюс ), <mark name=\"78:79\"/>2 <mark name=\"80:92\"/>deletions( )  <mark name=\"94:98\"/>diff <mark name=\"99:104\"/>  git <mark name=\"105:115\"/>c косая черта PKGBUILD <mark name=\"116:126\"/>i косая черта PKGBUILD <mark name=\"127:132\"/>index <mark name=\"133:149\"/>db00b50 точка  точка 7e212ef <mark name=\"150:156\"/>100644 <mark name=\"157:160\"/>    <mark name=\"161:171\"/>c косая черта PKGBUILD <mark name=\"172:175\"/> плюс  плюс  плюс  <mark name=\"176:186\"/>i косая черта PKGBUILD <mark name=\"187:189\"/> собака  собака  <mark name=\"190:194\"/> минус 4 ,7 <mark name=\"195:199\"/> плюс 4 ,7 <mark name=\"200:202\"/> собака  собака   <mark name=\"204:205\"/> решётка  <mark name=\"206:218\"/>Contributor: <mark name=\"219:228\"/>Christoph <mark name=\"229:234\"/>Bayer <mark name=\"235:254\"/> меньше chrbayer собака criby точка de больше     <mark name=\"258:292\"/>pkgname равно android sdk platform tools <mark name=\"293:307\"/> pkgver равно 31 .0 .3 <mark name=\"308:322\"/> плюс pkgver равно 32 .0 .0  <mark name=\"324:332\"/>pkgrel равно 1  <mark name=\"334:357\"/>pkgdesc равно  Platform Tools <mark name=\"358:361\"/>for <mark name=\"362:368\"/>Google <mark name=\"369:376\"/>Android <mark name=\"377:380\"/>SDK <mark name=\"381:385\"/>(adb <mark name=\"386:389\"/>and <mark name=\"390:400\"/>fastboot)   <mark name=\"402:417\"/>arch равно ( x86 64&apos;) <mark name=\"418:420\"/> собака  собака  <mark name=\"421:426\"/> минус 17 ,7 <mark name=\"427:432\"/> плюс 17 ,7 <mark name=\"433:435\"/> собака  собака  <mark name=\"436:464\"/>install равно  $ pkgname  точка install   <mark name=\"466:552\"/>source равно ( https: косая черта  косая черта dl точка google точка com 
косая черта android косая черта repository косая черта platform tools r$ pkgver  linux точка zip   <mark name=\"562:575\"/> adb точка service   <mark name=\"585:600\"/> license точка html ) <mark name=\"601:654\"/> sha1sums равно ( f09581347ed39978abb3a99c6bb286de6adc98ef&apos; <mark name=\"655:708\"/> плюс sha1sums равно ( 67ad18f3a2a6716d957b9ce630ea5e564171838a&apos;  <mark name=\"720:762\"/> 49a40c129199844603afe71fce69c0908e062393&apos;  <mark name=\"774:817\"/> bfb91be7e0b602d765b7a1fcaf0ce1b7e1a93faa&apos;)   <mark name=\"820:866\"/> косая черта tmp косая черта aur3VXf Cm косая черта android sdk platform tools точка diff <mark name=\"867:872\"/>(END)</speak>"

what happens

espeak-ng dumps core with back trace:

(gdb) thread apply all bt full

```
Thread 4 (Thread 0x7fadaa1de640 (LWP 9085)):
#0  0x00007fadabadb8ca in __futex_abstimed_wait_common64 () from /usr/lib/libpthread.so.0
#1  0x00007fadabad5270 in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#2  0x00007fadabcf0e4d in polling_thread (p=) at src/libespeak-ng/event.c:264
#3  0x00007fadabacf259 in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007fadabbe55e3 in clone () from /usr/lib/libc.so.6

Thread 3 (Thread 0x7fada63f3640 (LWP 9084)):
#0  0x00007fadabbdab2f in poll () from /usr/lib/libc.so.6
#1  0x00007fadab637ae4 in ?? () from /usr/lib/libpulse.so.0
#2  0x00007fadab6214b9 in pa_mainloop_poll () from /usr/lib/libpulse.so.0
#3  0x00007fadab62b709 in pa_mainloop_iterate () from /usr/lib/libpulse.so.0
#4  0x00007fadab62b7c1 in pa_mainloop_run () from /usr/lib/libpulse.so.0
#5  0x00007fadab63bc9e in ?? () from /usr/lib/libpulse.so.0
#6  0x00007fadab5ce403 in ?? () from /usr/lib/pulseaudio/libpulsecommon-15.0.so
#7  0x00007fadabacf259 in start_thread () from /usr/lib/libpthread.so.0
#8  0x00007fadabbe55e3 in clone () from /usr/lib/libc.so.6

Thread 2 (Thread 0x7fadaaf673c0 (LWP 9081)):
#0  0x00007fadabbada95 in clock_nanosleep@GLIBC_2.2.5 () from /usr/lib/libc.so.6
#1  0x00007fadabbb2c77 in nanosleep () from /usr/lib/libc.so.6
#2  0x00007fadabbdda99 in usleep () from /usr/lib/libc.so.6
#3  0x00007fadabcdbeab in espeak_ng_Synchronize () at src/libespeak-ng/speech.c:915
#4  0x00005577587fe9ca in main (argc=, argv=) at src/espeak-ng.c:752

Thread 1 (Thread 0x7fadaabf4640 (LWP 9082)):
#0  Word_EmbeddedCmd () at src/libespeak-ng/translate.c:1184
#1  0x00007fadabce1cad in TranslateWord2 (tr=tr@entry=0x55775905b840, word=word@entry=0x7fadaabe8951 "( end ) ", wtab=wtab@entry=0x7fadaabe9670, pre_pause=0) at src/libespeak-ng/translate.c:1276
#2  0x00007fadabce42f1 in TranslateClause (tr=0x55775905b840, tone_out=tone_out@entry=0x7fadaabf3ad4, voice_change=voice_change@entry=0x7fadaabf3ad8) at src/libespeak-ng/translate.c:2596
#3  0x00007fadabce6a7c in SpeakNextClause (control=) at src/libespeak-ng/synthesize.c:1569
#4  0x00007fadabce83b9 in SpeakNextClause (control=1) at src/libespeak-ng/synthesize.c:1559
#5  Synthesize (unique_identifier=unique_identifier@entry=1, text=text@entry=0x55775905a830, flags=flags@entry=4368) at src/libespeak-ng/speech.c:492
#6  0x00007fadabce9cbf in sync_espeak_Synth (unique_identifier=1, text=0x55775905a830, position=, position_type=POS_CHARACTER, end_position=0, flags=4368, user_data=0x0) at src/libespeak-ng/speech.c:570
#7  0x00007fadabcf8435 in process_espeak_command (the_command=) at src/libespeak-ng/espeak_command.c:316
#8  0x00007fadabcf8928 in say_thread (p=) at src/libespeak-ng/fifo.c:335
#9  0x00007fadabacf259 in start_thread () from /usr/lib/libpthread.so.0
#10 0x00007fadabbe55e3 in clone () from /usr/lib/libc.so.6
```

what should happen

espeak-ng shouldn't crash.

alex19EP commented 2 years ago

I updated the issue comment with more correct info.

Also tested it with espeak-ng 1.50; it crashes too.

kyrias commented 2 years ago

I had some time to poke around at this in gdb and the segfault is caused by multiple out-of-bounds writes.

n_ph_list2 ends up becoming 1000, and since ph_list2 is an array of 1000 items this leads to an out-of-bounds write when SetPlist2 is called at translate.c:1716. This then ends up causing even more out-of-bounds writes, which in the end leads to embedded_ix becoming 0xA000000.

I haven't had the time to figure out why n_ph_list2 becomes too big though. I can share either a coredump or an rr trace if it'd help.
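A minimal model of the failure described in the comment above, added here as an illustration and not taken from espeak-ng's source: a 1000-entry list whose counter reaches 1000, appended to with and without a bounds check. The entry layout, the `GUARD` slots that stand in for adjacent memory, and every function name are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define N_PH_LIST 1000  /* capacity quoted in the comment above */
#define GUARD     8     /* demo only: stands in for the memory after the array */

typedef struct {        /* hypothetical entry layout */
    unsigned short phcode;
    unsigned short sourceix;
} ph_entry;

typedef struct {
    ph_entry slots[N_PH_LIST + GUARD]; /* slots[N_PH_LIST..] model adjacent state */
    int  n;                            /* plays the role of n_ph_list2 */
    bool truncated;                    /* set when input had to be dropped */
} ph_buf;

/* Unchecked append: valid indexes are 0..N_PH_LIST-1, so a call made with
 * n == N_PH_LIST already writes one element past the logical array. */
static void append_unchecked(ph_buf *b, unsigned short ph, unsigned short src)
{
    b->slots[b->n].phcode = ph;
    b->slots[b->n].sourceix = src;
    b->n++;
}

/* Checked append: refuse the write and record truncation so the caller can
 * end the clause early instead of corrupting neighbouring state. */
static bool append_checked(ph_buf *b, unsigned short ph, unsigned short src)
{
    if (b->n < 0 || b->n >= N_PH_LIST) {
        b->truncated = true;
        return false;
    }
    b->slots[b->n].phcode = ph;
    b->slots[b->n].sourceix = src;
    b->n++;
    return true;
}

/* Number of guard slots that no longer hold their initial zero value. */
static int guard_dirty(const ph_buf *b)
{
    int dirty = 0;
    for (int i = N_PH_LIST; i < N_PH_LIST + GUARD; i++)
        if (b->slots[i].phcode != 0 || b->slots[i].sourceix != 0)
            dirty++;
    return dirty;
}

/* Reset the buffer, append `count` constructed entries, return the final n.
 * The loop is capped at the guard size so the demo itself stays in bounds. */
static int feed(ph_buf *b, int count, bool checked)
{
    memset(b, 0, sizeof *b);
    for (int i = 0; i < count && i < N_PH_LIST + GUARD; i++) {
        if (checked) {
            if (!append_checked(b, 1, (unsigned short)i))
                break;
        } else {
            append_unchecked(b, 1, (unsigned short)i);
        }
    }
    return b->n;
}

static ph_buf demo;  /* static storage keeps the buffer off the stack */

int  unchecked_guard_hits(int count) { feed(&demo, count, false); return guard_dirty(&demo); }
int  checked_guard_hits(int count)   { feed(&demo, count, true);  return guard_dirty(&demo); }
int  checked_final_n(int count)      { return feed(&demo, count, true); }
bool checked_truncated(int count)    { feed(&demo, count, true);  return demo.truncated; }

int main(void)
{
    printf("unchecked, 1001 entries: %d guard slot(s) overwritten\n",
           unchecked_guard_hits(1001));
    printf("checked,   1001 entries: %d guard slot(s) overwritten, n=%d, truncated=%d\n",
           checked_guard_hits(1001), checked_final_n(1001), checked_truncated(1001));
    return 0;
}
```

In a real build there are no guard slots: the same write lands on whatever the compiler placed after the array, which is why compiling with AddressSanitizer is the quicker way to catch the first bad write rather than the later crash.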

sthibaul commented 2 years ago

That's probably related to https://github.com/espeak-ng/espeak-ng/pull/1095

jaacoppi commented 2 years ago

Thanks!

Share everything you can. All help is appreciated.

kyrias commented 2 years ago
sthibaul commented 2 years ago

Could you check that my PR #1095 fixes it?

alex19EP commented 2 years ago

> Could you check that my PR #1095 fixes it?

yes. thank you!