pediapress / pyfribidi

simple python wrapper around the fribidi library
GNU General Public License v2.0

glibc detected *** python: free(): invalid next size (fast): 0x0000000000cc5920 *** #2

Closed schmir closed 12 years ago

schmir commented 12 years ago

```python
import pyfribidi
pyfribidi.log2vis('\xf0\x90\x8e\xa2\xf0\x90\x8e\xaf\xf0\x90\x8e\xb4\xf0\x90\x8e\xa1\xf0\x90\x8f\x83')
```

```
*** glibc detected *** python: free(): invalid next size (fast): 0x0000000000cc5920 ***
======= Backtrace: =========
/lib/libc.so.6(+0x78e66)[0x7ff8d3e34e66]
/home/ralf/local/lib/python2.7/site-packages/pyfribidi.so(+0xeaf)[0x7ff8d1ce6eaf]
/home/ralf/local/lib/python2.7/site-packages/pyfribidi.so(+0x1254)[0x7ff8d1ce7254]
/usr/lib/libpython2.7.so.1.0(PyEval_EvalFrameEx+0x5435)[0x7ff8d4459215]
/usr/lib/libpython2.7.so.1.0(PyEval_EvalCodeEx+0x88f)[0x7ff8d445a86f]
/usr/lib/libpython2.7.so.1.0(PyEval_EvalCode+0x32)[0x7ff8d445a9a2]
/usr/lib/libpython2.7.so.1.0(+0xfbcac)[0x7ff8d4474cac]
/usr/lib/libpython2.7.so.1.0(PyRun_InteractiveOneFlags+0x16b)[0x7ff8d44769fb]
/usr/lib/libpython2.7.so.1.0(PyRun_InteractiveLoopFlags+0x4e)[0x7ff8d4476bee]
/usr/lib/libpython2.7.so.1.0(PyRun_AnyFileExFlags+0x4c)[0x7ff8d44771ac]
/usr/lib/libpython2.7.so.1.0(Py_Main+0xb85)[0x7ff8d4487c45]
/lib/libc.so.6(__libc_start_main+0xed)[0x7ff8d3ddd38d]
python[0x4006a1]
zsh: abort python
```

schmir commented 12 years ago

see https://bugzilla.wikimedia.org/show_bug.cgi?id=35055

schmir commented 12 years ago

fribidi_utf8_to_unicode consumes at most 3 bytes for a single unicode character, i.e. it does not handle unicode characters above 0xffff. For a 4 byte utf-8 sequence it will generate 2 unicode characters, which overflows the logical buffer.
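The size mismatch described in the last comment, as an added example (not pyfribidi or fribidi source): `count_emitted_3byte_max` is a constructed model of a decoder whose longest branch consumes 3 bytes, and `utf8_decode_checked` is a hypothetical bounds-checked decoder that accepts 4-byte sequences and refuses to write past the destination capacity. `REPORT_INPUT` is the byte string from the report.

```c
#include <stddef.h>
#include <stdint.h>

/* Model (an assumption, not fribidi source): a decoder whose longest
 * branch consumes 3 bytes. Counts what it would emit, writes nothing. */
size_t count_emitted_3byte_max(const unsigned char *s, size_t len)
{
    size_t i = 0, n = 0;
    while (i < len) {
        /* lead bytes 0xF0..0xF7 fall into the 3-byte branch */
        i += s[i] <= 0x7f ? 1 : s[i] <= 0xdf ? 2 : 3;
        n++;
    }
    return n;
}

/* Checked decoder: accepts 1..4 byte sequences and never writes past
 * cap. Returns the number of code points, or -1 on malformed input or
 * a destination that is too small. */
long utf8_decode_checked(const unsigned char *s, size_t len,
                         uint32_t *out, size_t cap)
{
    size_t i = 0, n = 0;
    while (i < len) {
        unsigned char b = s[i];
        size_t need = b < 0x80 ? 1 : (b & 0xe0) == 0xc0 ? 2
                    : (b & 0xf0) == 0xe0 ? 3 : (b & 0xf8) == 0xf0 ? 4 : 0;
        if (need == 0 || need > len - i || n >= cap)
            return -1;  /* bad lead byte, truncated input, or full buffer */
        uint32_t cp = need == 1 ? b : (uint32_t)(b & (0xff >> (need + 1)));
        for (size_t k = 1; k < need; k++) {
            if ((s[i + k] & 0xc0) != 0x80)
                return -1;  /* not a continuation byte */
            cp = (cp << 6) | (s[i + k] & 0x3f);
        }
        static const uint32_t min_cp[] = {0, 0, 0x80, 0x800, 0x10000};
        if (cp < min_cp[need] || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff))
            return -1;  /* overlong, out of range, or surrogate */
        out[n++] = cp;
        i += need;
    }
    return (long)n;
}

/* The byte string from the report above: five 4-byte sequences. */
const unsigned char REPORT_INPUT[] =
    "\xf0\x90\x8e\xa2\xf0\x90\x8e\xaf\xf0\x90\x8e\xb4\xf0\x90\x8e\xa1\xf0\x90\x8f\x83";
#define REPORT_LEN (sizeof REPORT_INPUT - 1)
```

A destination sized for the five code points in the input is too small for the ten characters the 3-byte-max model emits; the checked decoder returns -1 instead of writing past `cap`.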