
Re: Bug#272136: More progress about the "Arabic crash" in Debian Installer



[Christian Perrier]
> Now really attached

Running the program in valgrind gave this error report.  Most of them
look like bugs in glibc to me.  Not sure if these bugs are the ones
triggering the crash.

==9047== Memcheck, a memory error detector for x86-linux.
==9047== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward et al.
==9047== Using valgrind-2.2.0, a program supervision framework for x86-linux.
==9047== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al.
==9047== For more details, rerun with: -v
==9047==
==9047== Invalid write of size 4
==9047==    at 0x1B9E7BD9: __gconv_transform_utf8_internal (loop.c:311)
==9047==    by 0x1BA488CD: mbrtowc (mbrtowc.c:72)
==9047==    by 0x1B9533C7: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==  Address 0x1BCB3878 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1BA488DA: mbrtowc (mbrtowc.c:88)
==9047==    by 0x1B9533C7: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==  Address 0x1BCB3878 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9533DE: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91D53E: newtFormRun (in /usr/lib/libnewt.so.0.51.6)
==9047==  Address 0x1BCB3878 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9535B1: (within /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B95387D: (within /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B953999: SLsmg_write_nwchars (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B95340C: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==  Address 0x1BCB3878 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid write of size 4
==9047==    at 0x1B9535E6: (within /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B95387D: (within /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B953999: SLsmg_write_nwchars (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B95340C: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==  Address 0x1BCB3878 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1BD59A8B: (within /usr/lib/libfribidi.so.0.0.0)
==9047==    by 0x1BD59D0C: fribidi_log2vis (in /usr/lib/libfribidi.so.0.0.0)
==9047==    by 0x1B9538A9: (within /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B953999: SLsmg_write_nwchars (in /lib/libslang.so.1-UTF8.4.9)
==9047==  Address 0x1BCB3878 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1BD5969C: (within /usr/lib/libfribidi.so.0.0.0)
==9047==    by 0x1BD59D0C: fribidi_log2vis (in /usr/lib/libfribidi.so.0.0.0)
==9047==    by 0x1B9538A9: (within /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B953999: SLsmg_write_nwchars (in /lib/libslang.so.1-UTF8.4.9)
==9047==  Address 0x1BCB3878 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1BD59D38: fribidi_log2vis (in /usr/lib/libfribidi.so.0.0.0)
==9047==    by 0x1B9538A9: (within /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B953999: SLsmg_write_nwchars (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B95340C: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==  Address 0x1BCB3878 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91CC75: newtDrawForm (in /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1BA488DA: mbrtowc (mbrtowc.c:88)
==9047==    by 0x1B9533C7: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B920618: (within /usr/lib/libnewt.so.0.51.6)
==9047==  Address 0x1BCB4E28 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B920618: (within /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9533DE: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B920618: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91DC2F: (within /usr/lib/libnewt.so.0.51.6)
==9047==  Address 0x1BCB4E28 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B920618: (within /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1BA488DA: mbrtowc (mbrtowc.c:88)
==9047==    by 0x1B9533C7: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B9205F5: (within /usr/lib/libnewt.so.0.51.6)
==9047==  Address 0x1BCB5228 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B9205F5: (within /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9533DE: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B9205F5: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B91DC2F: (within /usr/lib/libnewt.so.0.51.6)
==9047==  Address 0x1BCB5228 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9)
==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==    by 0x1B9205F5: (within /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9E357E: __gconv_release_step (gconv_db.c:198)
==9047==    by 0x1B9E414C: __gconv_close_transform (gconv_db.c:751)
==9047==    by 0x1BA5CC76: _nl_cleanup_ctype (wcsmbsload.c:265)
==9047==    by 0x1BAD78E2: _nl_archive_subfreeres (loadarchive.c:517)
==9047==  Address 0x1BC862B0 is 8 bytes inside a block of size 60 free'd
==9047==    at 0x1B905460: free (vg_replace_malloc.c:153)
==9047==    by 0x1B9E3527: free_derivation (gconv_db.c:188)
==9047==    by 0x1BAA1EC2: tdestroy_recurse (tsearch.c:642)
==9047==    by 0x1BAA1EE5: tdestroy_recurse (tsearch.c:639)
==9047==
==9047== Invalid write of size 4
==9047==    at 0x1B9E358F: __gconv_release_step (gconv_db.c:198)
==9047==    by 0x1B9E414C: __gconv_close_transform (gconv_db.c:751)
==9047==    by 0x1BA5CC76: _nl_cleanup_ctype (wcsmbsload.c:265)
==9047==    by 0x1BAD78E2: _nl_archive_subfreeres (loadarchive.c:517)
==9047==  Address 0x1BC862B0 is 8 bytes inside a block of size 60 free'd
==9047==    at 0x1B905460: free (vg_replace_malloc.c:153)
==9047==    by 0x1B9E3527: free_derivation (gconv_db.c:188)
==9047==    by 0x1BAA1EC2: tdestroy_recurse (tsearch.c:642)
==9047==    by 0x1BAA1EE5: tdestroy_recurse (tsearch.c:639)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9E3594: __gconv_release_step (gconv_db.c:201)
==9047==    by 0x1B9E414C: __gconv_close_transform (gconv_db.c:751)
==9047==    by 0x1BA5CC76: _nl_cleanup_ctype (wcsmbsload.c:265)
==9047==    by 0x1BAD78E2: _nl_archive_subfreeres (loadarchive.c:517)
==9047==  Address 0x1BC862C8 is 32 bytes inside a block of size 60 free'd
==9047==    at 0x1B905460: free (vg_replace_malloc.c:153)
==9047==    by 0x1B9E3527: free_derivation (gconv_db.c:188)
==9047==    by 0x1BAA1EC2: tdestroy_recurse (tsearch.c:642)
==9047==    by 0x1BAA1EE5: tdestroy_recurse (tsearch.c:639)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9E359B: __gconv_release_step (gconv_db.c:206)
==9047==    by 0x1B9E414C: __gconv_close_transform (gconv_db.c:751)
==9047==    by 0x1BA5CC76: _nl_cleanup_ctype (wcsmbsload.c:265)
==9047==    by 0x1BAD78E2: _nl_archive_subfreeres (loadarchive.c:517)
==9047==  Address 0x1BC862A8 is 0 bytes inside a block of size 60 free'd
==9047==    at 0x1B905460: free (vg_replace_malloc.c:153)
==9047==    by 0x1B9E3527: free_derivation (gconv_db.c:188)
==9047==    by 0x1BAA1EC2: tdestroy_recurse (tsearch.c:642)
==9047==    by 0x1BAA1EE5: tdestroy_recurse (tsearch.c:639)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9E357E: __gconv_release_step (gconv_db.c:198)
==9047==    by 0x1B9E414C: __gconv_close_transform (gconv_db.c:751)
==9047==    by 0x1BA5CC80: _nl_cleanup_ctype (wcsmbsload.c:266)
==9047==    by 0x1BAD78E2: _nl_archive_subfreeres (loadarchive.c:517)
==9047==  Address 0x1BC86120 is 8 bytes inside a block of size 60 free'd
==9047==    at 0x1B905460: free (vg_replace_malloc.c:153)
==9047==    by 0x1B9E3527: free_derivation (gconv_db.c:188)
==9047==    by 0x1BAA1EC2: tdestroy_recurse (tsearch.c:642)
==9047==    by 0x1BAD7661: free_mem (gconv_db.c:796)
==9047==
==9047== Invalid write of size 4
==9047==    at 0x1B9E358F: __gconv_release_step (gconv_db.c:198)
==9047==    by 0x1B9E414C: __gconv_close_transform (gconv_db.c:751)
==9047==    by 0x1BA5CC80: _nl_cleanup_ctype (wcsmbsload.c:266)
==9047==    by 0x1BAD78E2: _nl_archive_subfreeres (loadarchive.c:517)
==9047==  Address 0x1BC86120 is 8 bytes inside a block of size 60 free'd
==9047==    at 0x1B905460: free (vg_replace_malloc.c:153)
==9047==    by 0x1B9E3527: free_derivation (gconv_db.c:188)
==9047==    by 0x1BAA1EC2: tdestroy_recurse (tsearch.c:642)
==9047==    by 0x1BAD7661: free_mem (gconv_db.c:796)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9E3594: __gconv_release_step (gconv_db.c:201)
==9047==    by 0x1B9E414C: __gconv_close_transform (gconv_db.c:751)
==9047==    by 0x1BA5CC80: _nl_cleanup_ctype (wcsmbsload.c:266)
==9047==    by 0x1BAD78E2: _nl_archive_subfreeres (loadarchive.c:517)
==9047==  Address 0x1BC86138 is 32 bytes inside a block of size 60 free'd
==9047==    at 0x1B905460: free (vg_replace_malloc.c:153)
==9047==    by 0x1B9E3527: free_derivation (gconv_db.c:188)
==9047==    by 0x1BAA1EC2: tdestroy_recurse (tsearch.c:642)
==9047==    by 0x1BAD7661: free_mem (gconv_db.c:796)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9E359B: __gconv_release_step (gconv_db.c:206)
==9047==    by 0x1B9E414C: __gconv_close_transform (gconv_db.c:751)
==9047==    by 0x1BA5CC80: _nl_cleanup_ctype (wcsmbsload.c:266)
==9047==    by 0x1BAD78E2: _nl_archive_subfreeres (loadarchive.c:517)
==9047==  Address 0x1BC86118 is 0 bytes inside a block of size 60 free'd
==9047==    at 0x1B905460: free (vg_replace_malloc.c:153)
==9047==    by 0x1B9E3527: free_derivation (gconv_db.c:188)
==9047==    by 0x1BAA1EC2: tdestroy_recurse (tsearch.c:642)
==9047==    by 0x1BAD7661: free_mem (gconv_db.c:796)
==9047==
==9047== ERROR SUMMARY: 38 errors from 20 contexts (suppressed: 23 from 1)
==9047== malloc/free: in use at exit: 11786 bytes in 108 blocks.
==9047== malloc/free: 3075 allocs, 2967 frees, 236374 bytes allocated.
==9047== For a detailed leak analysis,  rerun with: --leak-check=yes
==9047== For counts of detected errors, rerun with: -v
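
An added example, not part of the original message or of valgrind: a short Python script that groups Memcheck records like the ones above by bug class, block size and the function that allocated or freed the block, so repeated reports against the same buffer collapse into one row. The names `triage`, `SAMPLE` and the class labels are chosen here; the sample is an abridged excerpt of this report, with one line where two frames are run together as mail line-wrapping can leave them.

```python
import re
from collections import Counter

# Abridged excerpt of the report above (two of its records); the sixth line
# deliberately carries two frames fused together.
SAMPLE = """\
==9047== Invalid write of size 4
==9047==    at 0x1B9E7BD9: __gconv_transform_utf8_internal (loop.c:311)
==9047==    by 0x1BA488CD: mbrtowc (mbrtowc.c:72)
==9047==  Address 0x1BCB3878 is 0 bytes after a block of size 64 alloc'd
==9047==    at 0x1B904EDD: malloc (vg_replace_malloc.c:131)
==9047==    by 0x1B953361: SLsmg_write_nstring (in /lib/libslang.so.1-UTF8.4.9) ==9047==    by 0x1B91FFE9: (within /usr/lib/libnewt.so.0.51.6)
==9047==
==9047== Invalid read of size 4
==9047==    at 0x1B9E357E: __gconv_release_step (gconv_db.c:198)
==9047==    by 0x1B9E414C: __gconv_close_transform (gconv_db.c:751)
==9047==  Address 0x1BC862B0 is 8 bytes inside a block of size 60 free'd
==9047==    at 0x1B905460: free (vg_replace_malloc.c:153)
==9047==    by 0x1B9E3527: free_derivation (gconv_db.c:188)
==9047==
"""

HEAD = re.compile(r"Invalid (read|write) of size \d+")
ADDR = re.compile(r"is \d+ bytes (after|inside) a block of size (\d+) (alloc'd|free'd)")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (?:(\S+) )?\(")
ALLOCATORS = {"malloc", "calloc", "realloc", "free"}
CLASSES = {("after", "alloc'd"): "heap overflow",
           ("inside", "free'd"): "use-after-free"}

def triage(report):
    """Count Memcheck errors by (bug class, block size, function that
    allocated or freed the block)."""
    records, cur = [], None
    # Splitting on the ==PID== prefix also separates frames fused on one line.
    for line in re.split(r"==\d+==", report):
        if HEAD.search(line):
            cur = {"cls": None, "size": None, "origin": None}
            records.append(cur)
        elif cur is None:
            continue
        elif (m := ADDR.search(line)):
            cur["cls"] = CLASSES.get((m[1], m[3]), "other")
            cur["size"] = int(m[2])
        elif cur["cls"] and not cur["origin"] and (m := FRAME.search(line)):
            # First named frame after the Address line that is not the
            # allocator itself: the caller that allocated or freed the block.
            if m[1] and m[1] not in ALLOCATORS:
                cur["origin"] = m[1]
    return Counter((r["cls"], r["size"], r["origin"]) for r in records)

if __name__ == "__main__":
    for (cls, size, origin), n in triage(SAMPLE).most_common():
        print(f"{n:3d}  {cls:<15} block={size:<4} origin={origin}")
```
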