xapian-compact crash while compacting a spelling table

[Charlie Hull]

aldric.pierrain@… reports that xapian-compact crashes on Windows XP SP2 when working on a database containing spelling tables. Verified on the database flint/dbwspell3 from the test suite, crashes while processing the spelling table.

[Charlie Hull]

I've narrowed this down to line 413 of xapian-compact.cc: 412: string key = cur->current_key; 413: if (pq.top()->current_key > key) {

key looks like it's being set properly, it's 'Bho', but the subsequent line segfaults. I have a debug IDE so I can set instrumentation pretty easily, but since pq is a vector I'm not sure what's best here...

[Richard Boulton]

Have found the problem - pq.empty() needs to be checked before pq.top() is called, and isn't on the line in question. Am testing fix - will apply to trunk and branches/1.0 when tested.

Charlie has confirmed (on IRC) that my fix works on windows in the case specified by the bug report.

[Richard Boulton]

We should fix this for 1.0.9, since we can easily.

[Richard Boulton]

Some more detail, for posterity:

Checking that empty() on a priority_queue() returns false is a precondition for calling top(), but the failure to do this wasn't causing a visible problem on (at least) Linux, because top() was returning the item which _used_ to be at the top of the priority queue. However, this was causing Linux to use the less efficient code path for multiple databases, which checks if the tag needs to be merged with others.

On windows, calling top() on the empty priority_queue was causing an immediate segfault.

[Richard Boulton]

Fix applied to trunk and branches/1.0