Bug #687

closed

nkf with --numchar-input dumps core

Added by mame (Yusuke Endoh) almost 17 years ago. Updated over 14 years ago.

Status: Closed
Assignee: -
Target version: -
ruby -v:
Backport:
[ruby-dev:36957]

Description

=begin
This is Endoh.

While building nkf, the following warnings were printed:

gcc -I. -I../../.ext/include/i686-linux -I../.././include
-I../.././ext/nkf -DRUBY_EXTCONF_H="extconf.h"
-D_FILE_OFFSET_BITS=64 -fPIC -O3 -g -Wall -Wno-parentheses -o nkf.o
-c nkf.c
nkf-utf8/nkf.c: In function 'numchar_getc':
nkf-utf8/nkf.c:4127: 警告: array subscript is above array bounds
nkf-utf8/nkf.c:4127: 警告: array subscript is above array bounds
nkf-utf8/nkf.c:4114: 警告: array subscript is above array bounds
nkf-utf8/nkf.c:4114: 警告: array subscript is above array bounds

In fact, it crashes when run as follows.

$ ruby19 -rnkf -e 'NKF.nkf("--numchar-input -w", "�")'
-e:1: [BUG] Segmentation fault
ruby 1.9.0 (2008-10-26 revision 19952) [i686-linux]

-- control frame ----------
c:0004 p:---- s:0011 b:0011 l:000010 d:000010 CFUNC :nkf
c:0003 p:0019 s:0006 b:0006 l:000005 d:000005 TOP -e:1
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH :inherited
c:0001 p:0000 s:0002 b:0002 l:000001 d:000001 TOP :17

DBG> : "-e:1:in nkf'"
DBG> : "-e:1:in '"
-- backtrace of native function call (Use addr2line) --

アボートしました

When I increased the size of the array by an arbitrary amount, the warnings went away and it no longer crashed.

Index: ext/nkf/nkf-utf8/nkf.c

--- ext/nkf/nkf-utf8/nkf.c (revision 19966)
+++ ext/nkf/nkf-utf8/nkf.c (working copy)
@@ -4100,7 +4100,7 @@
nkf_char (*g)(FILE *) = i_ngetc;
nkf_char (*u)(nkf_char c ,FILE *f) = i_nungetc;
int i = 0, j;

  • nkf_char buf[8];
  • nkf_char buf[12];
    long c = -1;

    buf[i] = (*g)(f);
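
Review bot: the new length in "nkf_char buf[12];" is a bare constant with no stated link to the largest value that i can reach, and nothing visible in this hunk checks i before "buf[i] = (*g)(f);" stores into the array. Please derive the size from the longest input this function is meant to buffer (a named constant next to the declaration) and test i against it before each store, so that the fix does not rest on the "array subscript is above array bounds" warnings at lines 4114 and 4127 going quiet.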

However, as shown below, it returns an empty string for あ, so there seem to be other problems as well.

$ ruby19 -rnkf -e 'p NKF.nkf("--numchar-input -w", "あ")'
""

--
Yusuke ENDOH
=end
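
Added example (not part of the original report and not nkf's code): a lookahead reader whose buffer size is a named bound checked before every store, with full pushback on failure. It assumes --numchar-input parses references of the form &#DDDD; and &#xHHHH;. The names struct src, src_getc, src_ungetc, numchar_read and NUMCHAR_MAX are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define NUMCHAR_MAX 10  /* "&#x10FFFF;" is the longest reference accepted here (assumption) */
/* Constructed stand-in for a getc/ungetc stream; not nkf's types. */
struct src { const char *p; size_t len, pos; int back[NUMCHAR_MAX]; size_t nback; };

int src_getc(struct src *s) {
    if (s->nback) return s->back[--s->nback];
    return s->pos < s->len ? (unsigned char)s->p[s->pos++] : -1;
}
void src_ungetc(struct src *s, int c) {
    if (s->nback < NUMCHAR_MAX) s->back[s->nback++] = c;
}

static int digit(int ch, int base) {
    if (ch >= '0' && ch <= '9') return ch - '0';
    if (base == 16 && ch >= 'a' && ch <= 'f') return ch - 'a' + 10;
    if (base == 16 && ch >= 'A' && ch <= 'F') return ch - 'A' + 10;
    return -1;
}

/* Returns the code point of "&#DDD;" / "&#xHHH;", or -1 after pushing every
 * consumed byte back so the caller can copy the input through unchanged. */
long numchar_read(struct src *s) {
    int buf[NUMCHAR_MAX], base = 10, ndigits = 0, ch, d;
    size_t i = 0;
    long c = 0;
    for (;;) {
        if (i == NUMCHAR_MAX) break;            /* bound checked before every store */
        ch = buf[i++] = src_getc(s);
        if (ch < 0) { i--; break; }             /* EOF is not pushed back */
        if (i == 1) { if (ch != '&') break; continue; }
        if (i == 2) { if (ch != '#') break; continue; }
        if (i == 3 && (ch == 'x' || ch == 'X')) { base = 16; continue; }
        if (ch == ';' && ndigits > 0 && c <= 0x10FFFF) return c;
        if ((d = digit(ch, base)) < 0) break;   /* includes raw non-ASCII bytes */
        c = c * base + d;
        ndigits++;
    }
    while (i > 0) src_ungetc(s, buf[--i]);      /* restore input in original order */
    return -1;
}

int main(void) {
    struct src in = { "&#12354;", 8, 0, {0}, 0 };   /* constructed input */
    printf("U+%04lX\n", (unsigned long)numchar_read(&in));
}
```

Because at most NUMCHAR_MAX bytes are ever buffered, the same constant sizes both the lookahead array and the pushback stack, and an overlong or malformed reference is returned to the stream instead of indexing past the array.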
