r.report seg faults on small page width values

[epatton]

r.report seg faults when passed small values of page width values. From the NC test dataset, the elevation raster creates the seg fault on 23 characters, and an infinite loop with 24 characters:

r.report -h map=elevation pw=23
 100%
+---------------------+
|Category Information |
|                    #|description                                  |
|---------------------|
|104.966573-105.361675|from  to �
'@�?@�h0�h��h`�h@�h�����'�Yc4@/�~F�'@4@���V
      Al
        A@k#A�K#A�?�����Segmentation fault

gdb backtrace:

gdb -q r.report
Reading symbols from /usr/local/grass-6.5.svn/bin/r.report...done.
(gdb) run map=elevation pw=23
# lots of binary gibberish printed, then:
Program received signal SIGSEGV, Segmentation fault.
print_label (s=0x629000 <Address 0x629000 out of bounds>, len=<value optimized out>, pflag=1, spacing=0, dot=<value optimized out>) at label.c:46
46		    putchar(*s);
(gdb)

~ Eric.

[epatton]

Sorry, I forget the actual backtrace. Up late watching Olympics closing ceremonies.

(gdb) bt full #0 print_label (s=0x629000 <Address 0x629000 out of bounds>, len=<value optimized out>, pflag=1, spacing=0, dot=<value optimized out>) at label.c:46

x = 0x607100 " \205\272\367\377\177" n = <value optimized out> i = 0

#1 0x0000000000404f81 in print_report (unit1=<value optimized out>, unit2=-1) at prt_report.c:221

NS = 0 ns = 0 nl = 0 nx = <value optimized out> num = "104.966573-105.361675", '\000' <repeats 11 times>, "@q\000\000\000\000\000\220\001\271\367\377\177\000\000\001\000\000\000\000\000\000\000v`", '\000' <repeats 13 times>"\325, \065\337\367\377\177\000\000@\334\335\367\377\177\000\000@\334\335\367\377\177\000\000\003\352\274", <incomplete sequence \367> len = <value optimized out> new = 1 cats = <value optimized out> prev = 0x7fffffffdae0 first = 1 i = <value optimized out> divider_level = <value optimized out> after_header = <value optimized out> cp = 0x607240 "from to " spacing = <value optimized out>

#2 0x000000000040534c in report () at report.c:11

unit1 = <value optimized out> unit2 = <value optimized out>

#3 0x0000000000403573 in main (argc=3, argv=0x7fffffffdae8) at main.c:73

module = <value optimized out>

(gdb)

[neteler]

Confirmed in G6.4-7.

It only crashes with FP maps. It happens in label.c" line 44, i.e. source:grass/trunk/raster/r.report/label.c@41232#L44​ (while...). "@" is never found in "from ... to" so it rounds out of bound.

Markus

[neteler]

Still segfaulting:

GRASS 6.4.3svn (nc_spm_08):~ > r.report -h map=elevation pw=23
 100%
+---------------------+
|Category Information |
|                    #|description                                  |
|---------------------|
|103.781266-104.176368|from  to ��������c�?�?�?�?�?p�
A�
Segmentation fault (core dumped)

also in GRASS 7.svn:

GRASS 7.0.svn (nc_spm_08):~ > r.report -h map=elevation pw=23
 100%
+---------------------+
|Category Information |
|                    #|description                                  |
|---------------------|
|103.781266-104.176368|from  to ��������c�?�?�?�?�?p�
A�
A0�#A�z#A�?�:�:G�����:n@� �:@�:`�:Segmentation fault (core dumped)

[mmetz]

Fixed in trunk r52817 such that there is no longer a segfault but a warning that the page width is too small. Ideally the output would be formatted such that it fits into the page width, but then this may not always be possible or lead to unreadable output for a small page width.

Markus M