Bug 581746 – Segfault/realloc errors when project's wd has long (nested) abolute path name

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 581746 - Segfault/realloc errors when project's wd has long (nested) abolute path name


Summary:	Segfault/realloc errors when project's wd has long (nested) abolute path name


Status:	VERIFIED FIXED

Product:	doxygen
Classification:	Other
Component:	general
Version:	1.5.9
Hardware:	Other All

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Dimitri van Heesch
QA Contact:	Dimitri van Heesch

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-05-07 13:59 UTC by Stephan Suerken
Modified:	2009-08-24 10:52 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
gdb session with debug doxygen (6.87 KB, text/plain) 2009-05-07 14:48 UTC, Stephan Suerken	Details

Description Stephan Suerken 2009-05-07 13:59:31 UTC

Steps to reproduce:
1. Copy a project with doxygen to some long (~230 chars) directory name (may be nested):
   cp -a my-project /tmp/very/long/nested/directory/name
2. Enter the project with the long directory name
3. doxygen [Doxyfile]


Stack trace:
$ manwe(CHROOT:sid-ui): ~/var/tmp/llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
$ absurd? doxygen Doxyfile
Warning: Tag `DETAILS_AT_TOP' at line 163 of file Doxyfile has become obsolete.
To avoid this warning please update your configuration file using "doxygen -u"
*** glibc detected *** doxygen: realloc(): invalid next size: 0x0000000001932270 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f52bf0381c8]
/lib/libc.so.6[0x7f52bf03c111]
/lib/libc.so.6(realloc+0x12f)[0x7f52bf03ce6f]
doxygen[0x667e97]
doxygen[0x668750]
doxygen[0x53ea78]
doxygen[0x5452dc]
doxygen[0x41004b]
doxygen[0x428d9b]
doxygen[0x402d35]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f52befe45a6]
doxygen[0x402c39]
======= Memory map: ========
00400000-008a8000 r-xp 00000000 fe:00 6147434                            /usr/bin/doxygen
00aa7000-00ab4000 rw-p 004a7000 fe:00 6147434                            /usr/bin/doxygen
00ab4000-00ae0000 rw-p 00ab4000 00:00 0 
01819000-0195d000 rw-p 01819000 00:00 0                                  [heap]
7f52b8000000-7f52b8021000 rw-p 7f52b8000000 00:00 0 
7f52b8021000-7f52bc000000 ---p 7f52b8021000 00:00 0 
7f52be9ea000-7f52bedaf000 rw-p 7f52be9ea000 00:00 0 
7f52bedaf000-7f52bedc6000 r-xp 00000000 fe:00 4419052                    /usr/lib/libz.so.1.2.3.3
7f52bedc6000-7f52befc5000 ---p 00017000 fe:00 4419052                    /usr/lib/libz.so.1.2.3.3
7f52befc5000-7f52befc6000 rw-p 00016000 fe:00 4419052                    /usr/lib/libz.so.1.2.3.3
7f52befc6000-7f52bf10f000 r-xp 00000000 fe:00 6148232                    /lib/libc-2.9.so
7f52bf10f000-7f52bf30f000 ---p 00149000 fe:00 6148232                    /lib/libc-2.9.so
7f52bf30f000-7f52bf313000 r--p 00149000 fe:00 6148232                    /lib/libc-2.9.so
7f52bf313000-7f52bf314000 rw-p 0014d000 fe:00 6148232                    /lib/libc-2.9.so
7f52bf314000-7f52bf319000 rw-p 7f52bf314000 00:00 0 
7f52bf319000-7f52bf32f000 r-xp 00000000 fe:00 6147894                    /lib/libgcc_s.so.1
7f52bf32f000-7f52bf52e000 ---p 00016000 fe:00 6147894                    /lib/libgcc_s.so.1
7f52bf52e000-7f52bf52f000 rw-p 00015000 fe:00 6147894                    /lib/libgcc_s.so.1
7f52bf52f000-7f52bf5b1000 r-xp 00000000 fe:00 6148132                    /lib/libm-2.9.so
7f52bf5b1000-7f52bf7b0000 ---p 00082000 fe:00 6148132                    /lib/libm-2.9.so
7f52bf7b0000-7f52bf7b1000 r--p 00081000 fe:00 6148132                    /lib/libm-2.9.so
7f52bf7b1000-7f52bf7b2000 rw-p 00082000 fe:00 6148132                    /lib/libm-2.9.so
7f52bf7b2000-7f52bf8a3000 r-xp 00000000 fe:00 4418783                    /usr/lib/libstdc++.so.6.0.11
7f52bf8a3000-7f52bfaa3000 ---p 000f1000 fe:00 4418783                    /usr/lib/libstdc++.so.6.0.11
7f52bfaa3000-7f52bfaaa000 r--p 000f1000 fe:00 4418783                    /usr/lib/libstdc++.so.6.0.11
7f52bfaaa000-7f52bfaac000 rw-p 000f8000 fe:00 4418783                    /usr/lib/libstdc++.so.6.0.11
7f52bfaac000-7f52bfac1000 rw-p 7f52bfaac000 00:00 0 
7f52bfac1000-7f52bfae6000 r-xp 00000000 fe:00 4418557                    /usr/lib/libpng12.so.0.35.0
7f52bfae6000-7f52bfce5000 ---p 00025000 fe:00 4418557                    /usr/lib/libpng12.so.0.35.0
7f52bfce5000-7f52bfce6000 rw-p 00024000 fe:00 4418557                    /usr/lib/libpng12.so.0.35.0
7f52bfce6000-7f52bfd03000 r-xp 00000000 fe:00 6148226                    /lib/ld-2.9.so
7f52bfd4e000-7f52bfe90000 r--p 00000000 fe:00 9363459                    /usr/lib/locale/locale-archive
7f52bfe90000-7f52bfef6000 rw-p 7f52bfe90000 00:00 0 
7f52bfef7000-7f52bfefe000 r--s 00000000 fe:00 7554134                    /usr/lib/gconv/gconv-modules.cache
7f52bfefe000-7f52bff02000 rw-p 7f52bfefe000 00:00 0 
7f52bff02000-7f52bff03000 r--p 0001c000 fe:00 6148226                    /lib/ld-2.9.so
7f52bff03000-7f52bff04000 rw-p 0001d000 fe:00 6148226                    /lib/ld-2.9.so
7fffc7eef000-7fffc7f04000 rw-p 7ffffffea000 00:00 0                      [stack]
7fffc7fff000-7fffc8000000 r-xp 7fffc7fff000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted



Other information:
Tested with doxygen 1.5.9 (Debian sid doxygen_1.5.9-1).

It seems that in a project where the abolute pathname + pathname in the project it accesses or writes eventually gets too large (>255?).

Doxygen should at least spit a "pathname too long" error, and not segfault.

Imho, doxygen should just work, as usual fs'es have a file name limitation, but no path name limitation (ext234).

Using SHORT_NAMES and the like does not help in these cases.

Thanks,

Stephan

Comment 1 Stephan Suerken 2009-05-07 14:48:35 UTC

Created attachment 134197 [details]
gdb session with debug doxygen

Comment 2 Stephan Suerken 2009-05-07 14:50:53 UTC

Comment #1 there is a slightly more helpful backtrace with a doxygen compiled in debug mode, indicating the problem is in QCString::resize.

Hope this helps,

Stephan

Comment 3 Dimitri van Heesch 2009-05-07 17:40:15 UTC

Thanks for the backtrace, 
I think I found the issue. Should be fixed in the next subversion update.

Comment 4 Stephan Suerken 2009-05-08 11:53:27 UTC

Great - thx.

If you add the patch here, or it's in svn (does not seem to be yet), I can re-test if you like.

Comment 5 Dimitri van Heesch 2009-08-20 10:13:14 UTC

This bug was previously marked ASSIGNED, which means it should be fixed in
doxygen version 1.6.0. Please verify if this is indeed the case and reopen the
bug if you think it is not fixed (include any additional information that you
think can be relevant).

Comment 6 Stephan Suerken 2009-08-24 10:52:58 UTC

Hi Dimitri,

I have re-checked my test case against 1.6.0 (Debian package) -- the problem is fixed there.

Hence => verified.

Thx,

Stephan