ryanqq / chewing

Automatically exported from code.google.com/p/chewing

chewing crash in random stress test #472

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. cd test; make randkeystroke testchewing
2. for i in `seq 1000000`; do echo seed $i; ./randkeystroke -s $i -r | ./testchewing || break; done

What is the expected output? What do you see instead?
crash

For example, some key sequences found to crash chewing:
echo '<T>|&Wt<H>mrJY)G<C2>OqJ<H><H>Yl<R>p0<EE>QE[^<C1>k' | ./testchewing
echo '+F<C9>hQ$UIICMr!X8/9<C3>(N<T>yU2!-LUI<D>`CS<D>jShm9SF}<EN>[`QYu<C8>k' | ./testchewing

Original issue reported on code.google.com by kuang...@gmail.com on 16 Jan 2013 at 2:57

GoogleCodeExporter commented 9 years ago
It is fixed in [1]. Thanks for reporting this.

[1] https://github.com/chewing/libchewing/commit/b262b063dd72b8e916a07426b61b022a7d37b605

Original comment by czchen on 17 Jan 2013 at 2:58

GoogleCodeExporter commented 9 years ago
Thanks.

Please use my newly committed code, test/stresstest.py

The following are more sample keystrokes that crash chewing:
echo '?Y<L>?S(%ZCNR?Z<C0>K<L>' | ./testchewing
echo 'n <H>G<C1>J' | ./testchewing
echo '#DQTU}MQUC(R|<C0>J<L>' | ./testchewing
echo '!]FFN]D+SOFY_`J<L>' | ./testchewing
echo '&[#JQ)P!A_Y}(`J<L>' | ./testchewing
echo '!<SL>N)D*D(+$YD#`k<L>' | ./testchewing
echo '(<C1>2!$B_]L?L%S}<C0>j<L>' | ./testchewing
echo '#M(|TG@QTDVS*<D>K<L>7xo' | ./testchewing
echo ']<L>LDL%XXOF*FFO<C0>j<L>' | ./testchewing
echo '(<C1>j$]=ANQ]F]GG<C0>K<L>' | ./testchewing
echo '#<H>OYIT[O|@_<C0>2Z<C1>K<L>' | ./testchewing
echo ')W<H>EZ=U{*FF|F<C0>K<L>' | ./testchewing
echo ')X^+?RZOE!JT{`j<L>' | ./testchewing
echo '#C#%NX^]&%H#!<C1>J<L>' | ./testchewing

Original comment by kuang...@gmail.com on 18 Jan 2013 at 9:28

GoogleCodeExporter commented 9 years ago
The issue is that 'j' and 'k' in select mode cannot handle symbol selecting well. 'j' and 'k' use ChoiceFirstAvail() to change the select page. However, ChoiceFirstAvail() can only handle word and phrase selecting, but not symbol selecting. When 'j' or 'k' crosses a symbol, it will set pci->nPage to zero because there is no candidate, and pci->nPage will cause a buffer overflow.

The following is a short sequence for this kind of issue:
hk4`2<D>jk

Original comment by czchen on 18 Jan 2013 at 4:01
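
Reducing a long crashing keystroke sequence to a short reproducer like the one in the comment above can be automated. The following is an added example, not code from this thread or from libchewing: it assumes a key is either a `<NAME>` token or a single character (inferred from the samples in this issue), that `./testchewing` reads keys on stdin, and that a crash shows up as death by signal; `model_oracle` is a constructed stand-in so the reducer runs without the binary.

```python
import re
import subprocess

# Assumption (inferred from the samples in this issue): a key is either a
# <NAME> token such as <C0>, <EE> or <L>, or one literal character.
TOKEN = re.compile(r"<[A-Z0-9]+>|.", re.S)

def tokenize(seq):
    return TOKEN.findall(seq)

def crashes_testchewing(keys, binary="./testchewing"):
    """True if the test harness is killed by a signal (SIGSEGV, SIGABRT, ...)."""
    data = "".join(keys).encode() + b"\n"      # echo appends a newline too
    try:
        proc = subprocess.run([binary], input=data, timeout=10,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return False                           # a hang is not the crash we chase
    return proc.returncode < 0                 # POSIX: -N means signal N

def model_oracle(keys):
    """Constructed stand-in for the binary: 'crash' when j/k follows a ` key."""
    if "`" not in keys:
        return False
    return any(k in ("j", "k") for k in keys[keys.index("`") + 1:])

def minimize(keys, crashes):
    """Drop chunks of keys while the crash persists; result is 1-minimal."""
    if not crashes(keys):
        raise ValueError("sequence does not reproduce the crash")
    chunk = max(len(keys) // 2, 1)
    while True:
        i, shrunk = 0, False
        while i < len(keys):
            candidate = keys[:i] + keys[i + chunk:]
            if candidate and crashes(candidate):
                keys, shrunk = candidate, True  # removal kept, retry same index
            else:
                i += chunk
        if chunk == 1 and not shrunk:
            return keys
        chunk = max(chunk // 2, 1)

if __name__ == "__main__":
    reduced = minimize(tokenize("hk4`2<D>jk"), model_oracle)
    print("".join(reduced))
```

Pass `crashes_testchewing` instead of `model_oracle` to reduce a sequence against a built `testchewing` binary.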

GoogleCodeExporter commented 9 years ago
Fix 'j', 'k' issue in the following commit.

https://github.com/chewing/libchewing/commit/1afcc26b064f2522214a059c703de2c9295e0614

However, there is another crash issue.

echo 'wu4<C0>l/jr)<C3>o ev@Vyw0<L><EE>z3v<C4>!(X_D<R><E><H><C4>6<C6>lF<EN>Qgj]<EN>4<C7>BB}l+7=<C9>+V*Aiqx<C1>jjb?vDhA|nJRr<CB>OSRF3v<C9>Et ^gb<C4>NP<EE>X-cz<U>' | ./testchewing

Original comment by czchen on 18 Jan 2013 at 4:56

GoogleCodeExporter commented 9 years ago
Thanks! chewing looks much much more stable now.

There are only 9 crashes found so far for seed < 100000 (on FreeBSD).
Those crashes could be grouped into two cases:

1. use "j" in symbol input
echo '5 `j<L>' | ./testchewing

2. use "j" with <C0> or <C1>
echo 'l4<C1>J<R>' | ./testchewing
echo 'ek3<C0>j' | ./testchewing

Original comment by kuang...@gmail.com on 19 Jan 2013 at 3:00

GoogleCodeExporter commented 9 years ago
Try this one [1]. It does not crash for seed > 3m on Linux 64-bit.

[1] https://github.com/chewing/libchewing/commit/b53c694c66389609098843e37e8fdae35eff9098

Original comment by czchen on 22 Jan 2013 at 12:44

GoogleCodeExporter commented 9 years ago

Original comment by kuang...@gmail.com on 23 Jan 2013 at 3:33