Comment 5 for bug 395204

Binary package hint: python-gdchart

Hello, I was stepping through some gdchart examples, and suddenly
came into this.
There's probably a bug in gdchart which almost led to segfault
(smashing detected), the version says beta, but since it makes
stable python to crash then I think it should at least be
reported.

ubuntu version: Ubuntu 9.04
python version: 2.6.2-0ubuntu1
python-gdchart2 version: 0.beta1-3.4build1

How to reproduce:

sudo apt-get install python-gdchart2

crashes.py:
#!/usr/bin/env python
import gdchart

def crashes():
    chart = gdchart.Bar()
    chart.width = 400
    chart.height = 400
    chart.bg_color = 'white'
    chart.plot_color = 'black'
    chart.xtitle = "Blah"
    chart.ytitle = "Blah"
    chart.title = "Blah"
    chart.setData([100, 200, 300, 400])
    chart.setLabels(['1', '2', '3', '4'])
    chart.draw('test.png')

if __name__ == '__main__':
    crashes()

Stacktrace:

In [14]: chart.draw('test.png')
*** buffer overflow detected ***: /usr/bin/python terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4b)[0xb7f3daab]
/lib/libc.so.6[0xb7f3baf0]
/lib/libc.so.6(__strcpy_chk+0x44)[0xb7f3ae24]
/var/lib/python-support/python2.6/_gdchartc.so(getStringsFromSequence+0xa7)[0xb79f69f7]
/var/lib/python-support/python2.6/_gdchartc.so(pygd_out_graph+0x110)[0xb79f6c10]
/usr/bin/python(PyEval_EvalFrameEx+0x4d82)[0x80de562]
/usr/bin/python(PyEval_EvalFrameEx+0x5da7)[0x80df587]
/usr/bin/python(PyEval_EvalCodeEx+0x7a8)[0x80e00b8]
/usr/bin/python(PyEval_EvalFrameEx+0x46da)[0x80ddeba]
/usr/bin/python(PyEval_EvalCodeEx+0x7a8)[0x80e00b8]
/usr/bin/python(PyEval_EvalFrameEx+0x4e18)[0x80de5f8]
/usr/bin/python(PyEval_EvalCodeEx+0x7a8)[0x80e00b8]
/usr/bin/python(PyEval_EvalFrameEx+0x4e18)[0x80de5f8]
/usr/bin/python(PyEval_EvalFrameEx+0x5da7)[0x80df587]
/usr/bin/python(PyEval_EvalCodeEx+0x7a8)[0x80e00b8]
/usr/bin/python(PyEval_EvalFrameEx+0x4e18)[0x80de5f8]
/usr/bin/python(PyEval_EvalCodeEx+0x7a8)[0x80e00b8]
/usr/bin/python(PyEval_EvalFrameEx+0x4e18)[0x80de5f8]
/usr/bin/python(PyEval_EvalCodeEx+0x7a8)[0x80e00b8]
/usr/bin/python(PyEval_EvalFrameEx+0x4e18)[0x80de5f8]
/usr/bin/python(PyEval_EvalCodeEx+0x7a8)[0x80e00b8]
/usr/bin/python(PyEval_EvalCode+0x57)[0x80e0217]
/usr/bin/python(PyRun_FileExFlags+0x121)[0x80fe0e1]
/usr/bin/python(PyRun_SimpleFileExFlags+0x1da)[0x80fe43a]
/usr/bin/python(Py_Main+0xcb2)[0x805c882]
/usr/bin/python(main+0x22)[0x805b972]
/lib/libc.so.6(__libc_start_main+0xe5)[0xb7e6d7a5]
/usr/bin/python[0x805b8b1]
======= Memory map: ========
08048000-08225000 r-xp 00000000 08:11 112720 /usr/bin/python2.6
08225000-08226000 r--p 001dc000 08:11 112720 /usr/bin/python2.6
08226000-08273000 rw-p 001dd000 08:11 112720 /usr/bin/python2.6
08273000-0827c000 rw-p 08273000 00:00 0
09b1f000-09f36000 rw-p 09b1f000 00:00 0 [heap]
b78a2000-b78cc000 r-xp 00000000 08:11 194006 /lib/libgcc_s.so.1
b78cc000-b78cd000 r--p 00029000 08:11 194006 /lib/libgcc_s.so.1
b78cd000-b78ce000 rw-p 0002a000 08:11 194006 /lib/libgcc_s.so.1
b78ce000-b7940000 r-xp 00000000 08:11 115566 /usr/lib/libfreetype.so.6.3.20
b7940000-b7944000 r--p 00071000 08:11 115566 /usr/lib/libfreetype.so.6.3.20
b7944000-b7945000 rw-p 00075000 08:11 115566 /usr/lib/libfreetype.so.6.3.20
b7945000-b7964000 r-xp 00000000 08:11 113951 /usr/lib/libjpeg.so.62.0.0
b7964000-b7965000 rw-p 0001e000 08:11 113951 /usr/lib/libjpeg.so.62.0.0
b7965000-b7989000 r-xp 00000000 08:11 114115 /usr/lib/libpng12.so.0.27.0
b7989000-b798a000 r--p 00023000 08:11 114115 /usr/lib/libpng12.so.0.27.0
b798a000-b798b000 rw-p 00024000 08:11 114115 /usr/lib/libpng12.so.0.27.0
b798b000-b79a8000 r-xp 00000000 08:11 113656 /usr/lib/libgd.so.2.0.0
b79a8000-b79a9000 r--p 0001c000 08:11 113656 /usr/lib/libgd.so.2.0.0
b79a9000-b79c8000 rw-p 0001d000 08:11 113656 /usr/lib/libgd.so.2.0.0
b79c8000-b79cc000 rw-p b79c8000 00:00 0
b79cc000-b79e1000 r-xp 00000000 08:11 114471 /usr/lib/libgdc.so.0.11.5
b79e1000-b79e2000 r--p 00014000 08:11 114471 /usr/lib/libgdc.so.0.11.5
b79e2000-b79e3000 rw-p 00015000 08:11 114471 /usr/lib/libgdc.so.0.11.5
b79f3000-b79fa000 r-xp 00000000 08:11 138795 /usr/lib/python-support/python-gdchart2/python2.6/_gdchartc.so
b79fa000-b79fb000 r--p 00006000 08:11 138795 /usr/lib/python-support/python-gdchart2/python2.6/_gdchartc.so
b79fb000-b79fc000 rw-p 00007000 08:11 138795 /usr/lib/python-support/python-gdchart2/python2.6/_gdchartc.so
b79fc000-b7a14000 r-xp 00000000 08:11 178659 /usr/lib/python2.6/lib-dynload/_ctypes.so
b7a14000-b7a15000 r--p 00017000 08:11 178659 /usr/lib/python2.6/lib-dynload/_ctypes.so
b7a15000-b7a18000 rw-p 00018000 08:11 178659 /usr/lib/python2.6/lib-dynload/_ctypes.so
b7a18000-b7a4b000 r-xp 00000000 08:11 195869 /lib/libncurses.so.5.7
b7a4b000-b7a4d000 r--p 00033000 08:11 195869 /lib/libncurses.so.5.7
b7a4d000-b7a4e000 rw-p 00035000 08:11 195869 /lib/libncurses.so.5.7
b7a4e000-b7a7a000 r-xp 00000000 08:11 191740 /lib/libreadline.so.5.2
b7a7a000-b7a7b000 ---p 0002c000 08:11 191740 /lib/libreadline.so.5.2
b7a7b000-b7a7c000 r--p 0002c000 08:11 191740 /lib/libreadline.so.5.2
b7a7c000-b7a7f000 rw-p 0002d000 08:11 191740 /lib/libreadline.so.5.2
b7a7f000-b7a80000 rw-p b7a7f000 00:00 0
b7a88000-b7a8e000 r-xp 00000000 08:11 178673 /usr/lib/python2.6/lib-dynload/_ssl.so
b7a8e000-b7a8f000 r--p 00006000 08:11 178673 Aborted