#698066 graphviz: dot crashes with *** glibc detected *** dot: malloc(): memory corruption: 0x097ca580 ***

Package:
graphviz
Source:
graphviz
Description:
rich set of graph drawing tools
Submitter:
Arnaud Le Blanc
Date:
2026-06-19 00:03:01 UTC
Severity:
important
#698066#5
Date:
2013-01-13 18:36:19 UTC
Dear Maintainer,

Running dot with the attached input file crashes:

$ dot ./input.dot
*** glibc detected *** dot: malloc(): memory corruption: 0x097ca580 ***
======= Backtrace: =========
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x70f01)[0xf755df01]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x73ce4)[0xf7560ce4]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_malloc+0x5c)[0xf75628ec]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__strdup+0x30)[0xf7565e20]
/usr/lib/libgvc.so.5(htmlEntityUTF8+0x1fd)[0xf769adfd]

#698066#10
Date:
2013-02-17 16:34:12 UTC
I have also gotten a memory corruption with the given input file, and with
'digraph g {v [label="fmnosyy cemnnoopt definr\Einoprx\Eeionprssx  aceert"]}'
as input.  The directory names are sorted versions of those in N44 of the
original input, and the backslashes and newlines have been space-ified.

If I shorten this by one character I get an assertion error in malloc.c:3096.
If I remove one of the '\E's or replace it by anything else I've come up with
(trying '\e', 'ee', 'E' and 'EE' for a start), I get normal output.

If I run dot with -v, the crash happens right after

'loadimage	:  (lib) eps gd gd2 gif jpe jpeg jpg png ps svg'

though it is now a segfault rather than a memory corruption.

The same thing happens with neato, fdp, circo and twopi, also if I tweak the
output format parameter (tested: -Tpng, -Tsvg, -Tpdf).  Perhaps that's not
surprising, since that 'loadimage' comes before the layout algorithm begins in
the -v logorrhea ;-)

Looking at upstream (hg clone http://hg.research.att.com/graphviz), revision
9118 (most recent at the time of writing) didn't crash on the shrunk input,
nor the original.

8833 claims to have fixed a memory/free issue, but it didn't build for me.  I
did a hg bisect -c 'make -j' which spat out rev 9084, "start 2.31 development
series".  It compiled, and ran on the two input files without a hiccup.

I hope this helps figure out what's going on :-)

Cheerio,

JK

#698066#20
Date:
2026-06-19 00:01:46 UTC
Bisect indicates Arnaud’s original problem was (silently?) fixed
upstream in commit a02eaec8af5a200bd04ee15c07f53108aa102438,
https://gitlab.com/graphviz/graphviz/-/commit/a02eaec8af5a200bd04ee15c07f53108aa102438.
This landed in Graphviz 11.0.0.

A separate bisect indicates Jonas’s problem was (also silently?) fixed
upstream in commit 908a139753380160563a9d3dbf17fe3d3e4d6fdc,
https://gitlab.com/graphviz/graphviz/-/commit/908a139753380160563a9d3dbf17fe3d3e4d6fdc.
This one landed in Graphviz 2.40.0.
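
A regression check for the shrunk input quoted in message #698066#10, added here as an example; it is not part of the bug log or of Graphviz's own test suite. It runs each layout tool named in the thread and reports whether the process exited cleanly or died from a signal or a glibc heap-check abort. The function names (classify, run_case, check_layout_tools) are hypothetical, and setting LIBC_FATAL_STDERR_ assumes a glibc that honours it.

```python
import os
import shutil
import signal
import subprocess
import sys

# Shrunk input quoted in message #698066#10 (raw string keeps the two \E escapes).
SHRUNK_INPUT = r'digraph g {v [label="fmnosyy cemnnoopt definr\Einoprx\Eeionprssx  aceert"]}'

# Banner text from the original report. Older glibc may write it to the terminal
# rather than stderr, so the signal check in classify() is the dependable one.
GLIBC_MARKERS = ("*** glibc detected ***", "malloc(): memory corruption")


def classify(returncode, stderr):
    """Return 'ok', 'heap-corruption', 'signal:<NAME>' or 'error:<code>'."""
    if any(marker in stderr for marker in GLIBC_MARKERS):
        return "heap-corruption"
    if returncode < 0:  # subprocess reports death by signal N as -N
        return "signal:" + signal.Signals(-returncode).name
    return "ok" if returncode == 0 else "error:%d" % returncode


def run_case(cmd, graph_text, timeout=30):
    """Feed graph_text to cmd on stdin, discard the rendering, classify the exit."""
    env = dict(os.environ, LIBC_FATAL_STDERR_="1")  # ask glibc to report on stderr
    proc = subprocess.run(cmd, input=graph_text.encode(), env=env, timeout=timeout,
                          stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
    return classify(proc.returncode, proc.stderr.decode(errors="replace"))


def check_layout_tools(tools=("dot", "neato", "fdp", "circo", "twopi"), fmt="svg"):
    """Run each installed layout tool named in the thread on the shrunk input."""
    results = {}
    for tool in tools:
        path = shutil.which(tool)
        results[tool] = run_case([path, "-T" + fmt], SHRUNK_INPUT) if path else "not-installed"
    return results


if __name__ == "__main__":
    outcome = check_layout_tools()
    for tool, verdict in outcome.items():
        print("%-6s %s" % (tool, verdict))
    # Exit 1 if any installed tool crashed, so the script can gate a CI job.
    crashed = [t for t, v in outcome.items() if v.startswith(("heap", "signal"))]
    sys.exit(1 if crashed else 0)
```

On a build that contains the fixes named above, every installed tool should report `ok`; a `signal:SIGABRT` or `signal:SIGSEGV` verdict matches the failures described in the thread.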