[metapost] decimal: The impossible/a segfault happened

Samuel Bronson naesten at gmail.com
Tue Apr 22 01:38:31 CEST 2014


Package: texlive-metapost
Version: 2013.20140314-1
Severity: normal

Dear Implementors,

I've discovered a way to get either:
  1. a "! This can't happen (token)." error (MetaPost 1.803 from Debian)
or 
  2. a segfault (MetaPost ~1.999 from SVN r2007)

[Note: I've abused debian-bug.el to include some information on package
version numbers.]

Unfortunately, most of the stuff I tried trimming out of my input makes
both go away; the former disappears if I so much as use "tracingall".

Here's the input file:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: decimal-fail.mp
Type: text/x-metapost
Size: 2760 bytes
Desc: Input
URL: <http://tug.org/pipermail/metapost/attachments/20140421/4c89ad5b/attachment.bin>
-------------- next part --------------

and here's what happens when I run it ...

... under MetaPost 1.803:

% mpost -numbersystem=decimal decimal-fail.mp
This is MetaPost, version 1.803 (kpathsea version 6.1.1)
(mfplain.mp
Preloading the plain base, version 0.99: preliminaries,
 basic constants and mathematical macros,
 macros for converting units,
 macros and tables for various modes of operation,
 macros for drawing and filling,
 macros for proof labels and rules,
 macros for character and font administration,
and a few last-minute items.) (./decimal-fail.mp
Dangerous bend sign
! This can't happen (token).
<for( BAD)> ...el(str(SUFFIX0),z(SUFFIX0)); ENDFOR
                                                  
labels->...XT3):makelabel(SUFFIX2)(str$,z$);endfor
                                                  .fi.endgroup
l.74 labels(38)
               ;
Transcript written on decimal-fail.log.

... under MetaPost 1.999 (under GDB) and poke around a bit:

% gdb --args ../metapost/build/texk/web2c/mpost -numbersystem=decimal decimal-fail.mp
GNU gdb (GDB) 7.6.1 (Debian 7.6.1-1)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/naesten/hacking/texmf/metapost/build/texk/web2c/mpost...done.
(gdb) run
Starting program: /home/naesten/hacking/texmf/dbend/../metapost/build/texk/web2c/mpost -numbersystem=decimal decimal-fail.mp
warning: Could not load shared library symbols for linux-gate.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
This is MetaPost, version 1.999 (TeX Live 2014/dev) (kpathsea version 6.1.1)
(/usr/share/texlive/texmf-dist/metapost/base/mfplain.mp
Preloading the plain base, version 0.99: preliminaries,
 basic constants and mathematical macros,
 macros for converting units,
 macros and tables for various modes of operation,
 macros for drawing and filling,
 macros for proof labels and rules,
 macros for character and font administration,
and a few last-minute items.) (./decimal-fail.mp
Dangerous bend sign
Program received signal SIGSEGV, Segmentation fault.
__GI___libc_free (mem=0x10000) at malloc.c:2891
2891    malloc.c: No such file or directory.
(gdb) bt
#0  __GI___libc_free (mem=0x10000) at malloc.c:2891
#1  0x080c3eb2 in mp_free_number (mp=0x82c6788, n=0xbfffef5c)
    at ../../../source/texk/web2c/mplibdir/mpmathdecimal.w:618
#2  0x080d395a in mp_gr_choose_scale (mp=mp@entry=0x82c6788, p=p@entry=0x8e75858)
    at ../../../source/texk/web2c/mplibdir/psout.w:6004
#3  0x080dc819 in mp_gr_ship_out (hh=hh@entry=0x8e74a78, qprologues=0, qprocset=qprocset@entry=0,
    standalone=standalone@entry=0) at ../../../source/texk/web2c/mplibdir/psout.w:6141
#4  0x0809598c in mp_shipout_backend (mp=0x82c6788, voidh=0x8daab00)
    at ../../../source/texk/web2c/mplibdir/mp.w:34121
#5  0x080b4dea in mp_ship_out (h=0x8daab00, mp=0x82c6788)
    at ../../../source/texk/web2c/mplibdir/mp.w:34095
#6  mp_do_ship_out (mp=0x82c6788) at ../../../source/texk/web2c/mplibdir/mp.w:31244
#7  mp_do_statement (mp=mp@entry=0x82c6788) at ../../../source/texk/web2c/mplibdir/mp.w:28473
#8  0x080b64c7 in mp_scan_primary (mp=mp@entry=0x82c6788)
    at ../../../source/texk/web2c/mplibdir/mp.w:22642
#9  0x080b8d67 in mp_scan_secondary (mp=mp@entry=0x82c6788)
    at ../../../source/texk/web2c/mplibdir/mp.w:23444
#10 0x080b8e67 in mp_scan_tertiary (mp=mp@entry=0x82c6788)
    at ../../../source/texk/web2c/mplibdir/mp.w:23500
#11 0x080a20df in mp_scan_expression (mp=mp@entry=0x82c6788)
    at ../../../source/texk/web2c/mplibdir/mp.w:23544
#12 0x080b31f9 in mp_do_statement (mp=mp@entry=0x82c6788)
    at ../../../source/texk/web2c/mplibdir/mp.w:28383
#13 0x080bdcc5 in mp_main_control (mp=<optimized out>)
    at ../../../source/texk/web2c/mplibdir/mp.w:29239
#14 mp_run (mp=mp@entry=0x82c6788) at ../../../source/texk/web2c/mplibdir/mp.w:29259
#15 0x0804b401 in main (argc=3, argv=0xbffff9f4)
    at ../../../source/texk/web2c/mplibdir/mpost.w:1385
(gdb) up
#1  0x080c3eb2 in mp_free_number (mp=0x82c6788, n=0xbfffef5c)
    at ../../../source/texk/web2c/mplibdir/mpmathdecimal.w:618
618       free(n->data.num);
(gdb) print *n
$1 = {data = {num = 0x10000, dval = 1.1670980088217614e-312, val = 65536}, type = mp_scaled_type}
(gdb)

So, um, it seems to be trying to use the code in mpmathdecimal.w to free
a plain-old "scaled" number, for some reason ...

After this, I did some more poking around with valgrind vgdb only to
discover that I could have just typed "up" and gotten nearly as much
information, at least if I knew what free_number(ret) meant -- which is
to say, I found out that this mp_free_number() has been passed a pointer
to mp_gr_choose_scale()'s local variable "ret" in frame #2.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.11-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages texlive-metapost depends on:
ii  dpkg              1.17.5
ii  tex-common        4.04
ii  texlive-base      2013.20140314-1
ii  texlive-binaries  2013.20130729.30972-2+b2

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
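
Added example, not part of the original message and not MetaPost's code or its fix: a small C model of the value gdb printed in the report (a union with num, dval and val members plus a type tag), showing why reading data.num from a scaled number yields a non-heap address and how a release routine that checks the tag refuses to free it. The tag names and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Field names mirror the gdb "print *n" output; everything else is assumed. */
typedef enum { NUM_SCALED, NUM_DECIMAL } num_type;   /* hypothetical tags */

typedef struct {
    union {
        void  *num;   /* heap pointer, valid only for NUM_DECIMAL */
        double dval;
        int    val;   /* inline value for NUM_SCALED */
    } data;
    num_type type;
} number;

/* Scaled backend: the value lives inline, nothing is allocated. */
static void new_scaled(number *n, int v) {
    memset(n, 0, sizeof *n);
    n->data.val = v;
    n->type = NUM_SCALED;
}

/* Decimal backend: the value lives on the heap behind data.num. */
static int new_decimal(number *n, size_t size) {
    memset(n, 0, sizeof *n);
    n->data.num = calloc(1, size);
    n->type = NUM_DECIMAL;
    return n->data.num ? 0 : -1;
}

/* Checked release: 0 if freed, -1 if the tag says there is no pointer.
   An unchecked free(n->data.num) is the call that crashed in frame #1. */
static int free_decimal_checked(number *n) {
    if (n->type != NUM_DECIMAL)
        return -1;            /* data.num aliases val: not a heap pointer */
    free(n->data.num);
    n->data.num = NULL;
    return 0;
}

int main(void) {
    number ret;
    new_scaled(&ret, 65536);  /* same val as in the report */
    printf("data.num reads as %p\n", ret.data.num);
    printf("checked free on scaled: %d\n", free_decimal_checked(&ret));
    if (new_decimal(&ret, 16) == 0)
        printf("checked free on decimal: %d\n", free_decimal_checked(&ret));
    return 0;
}
```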

