Re: pkg/60059: math/gnumeric 10.0_2025Q4 segfaults on RPi4

["Ramiro Aceves via gnats" <gnats-admin%NetBSD.org@localhost>]

The following reply was made to PR pkg/60059; it has been noted by GNATS.

From: Ramiro Aceves <ea1abz%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost, pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
 pkgsrc-bugs%netbsd.org@localhost
Cc: 
Subject: Re: pkg/60059: math/gnumeric 10.0_2025Q4 segfaults on RPi4
Date: Sun, 15 Mar 2026 09:46:34 +0100

 El 11/3/26 a las 20:30, Benny Siegert via gnats escribió:
 > The following reply was made to PR pkg/60059; it has been noted by GNATS.
 > 
 > From: Benny Siegert <bsiegert%netbsd.org@localhost>
 > To: Ramiro Aceves <ea1abz%gmail.com@localhost>
 > Cc: gnats-bugs%netbsd.org@localhost, pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
 >      pkgsrc-bugs%netbsd.org@localhost
 > Subject: Re: pkg/60059: math/gnumeric 10.0_2025Q4 segfaults on RPi4
 > Date: Wed, 11 Mar 2026 19:28:46 +0000 (UTC)
 > 
 >   >>  Changing from "long double" to "double" inside
 >   >>  fmt-fp function in the file
 >   >>  /usr/pkgsrc/misc/goffice0.10/work/goffice-0.10.60/goffice/math
 >   >>  fixes de crash.
 >   >>
 >   >>  I do not know how to properly fix it only for aarch64 and if it is a
 >   >>  proper fix.
 >   
 >   Thanks, this is actually helpful! At the risk of being flamed to death, I
 >   used Gemini to explain the cause of the crash. It suggests that this is a
 >   pointer underflow specifically on aarch64, because the calculation of the
 >   array size in that function is wrong. It suggests this patch:
 >   
 >   --- go-dtoa.c
 >   +++ go-dtoa.c
 >   @@ -227,7 +227,7 @@
 >     	if (y) y *= 0x1p28, e2-=28;
 >   
 >     	if (e2<0) a=r=z=big;
 >   -	else a=r=z=big+sizeof(big)/sizeof(*big) - LDBL_MANT_DIG - 1;
 >   +	else a=r=z=big+sizeof(big)/sizeof(*big) - (LDBL_MANT_DIG+28)/9 - 1;
 >   
 >     	do {
 >     		*z = y;
 >   
 >   It also suggests that the code is lifted from musl libc :)
 >   
 >   Can you try recompiling goffice0.10 with this change?
 >   
 >   Thanks!
 >   
 >   --
 >   Benny
 >   
 
 Hello Benny,
 
 I have recompiled goffice changing only one line manually as you told but it segfaults again (make replace):
 
 
 
 netbsd-raspa4# diff -Nru  /usr/pkgsrc/misc/goffice0.10/work/goffice-0.10.59/goffice/math/go-dtoa.c.orig 
 /usr/pkgsrc/misc/goffice0.10/work/goffice-0.10.59/goffice/math/go-dtoa.c
 --- /usr/pkgsrc/misc/goffice0.10/work/goffice-0.10.59/goffice/math/go-dtoa.c.orig	2025-03-01 22:10:00.000000000 +0100
 +++ /usr/pkgsrc/misc/goffice0.10/work/goffice-0.10.59/goffice/math/go-dtoa.c	2026-03-15 09:09:03.728612918 +0100
 @@ -49,6 +49,14 @@
   #define go_finitel isfinite
   #endif
 
 +#if defined(__NetBSD__)
 +#if (__NetBSD_Version__ >= 699001700)
 +/* in <math.h> in newer NetBSDs, should already be included */
 +#else
 +/* OK, this will lose precision and range, but what else to do? */
 +#define frexpl(ldv,i)	(long double)frexp((double)ldv, i)
 +#endif
 +#endif /* __NetBSD__ */
 
   /* musl code starts here */
 
 @@ -234,7 +242,8 @@
   	if (y) y *= 0x1p28, e2-=28;
 
   	if (e2<0) a=r=z=big;
 -	else a=r=z=big+sizeof(big)/sizeof(*big) - LDBL_MANT_DIG - 1;
 +/*else a=r=z=big+sizeof(big)/sizeof(*big) - LDBL_MANT_DIG - 1;*/
 +	else a=r=z=big+sizeof(big)/sizeof(*big) - (LDBL_MANT_DIG+28)/9 - 1;
 
   	do {
   		*z = y;
 netbsd-raspa4#
 
 
 netbsd-raspa4$ gdb /usr/pkg/bin/gnumeric
 GNU gdb (GDB) 11.0.50.20200914-git
 Copyright (C) 2020 Free Software Foundation, Inc.
 License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
 This is free software: you are free to change and redistribute it.
 There is NO WARRANTY, to the extent permitted by law.
 Type "show copying" and "show warranty" for details.
 This GDB was configured as "aarch64--netbsd".
 Type "show configuration" for configuration details.
 For bug reporting instructions, please see:
 <https://www.gnu.org/software/gdb/bugs/>.
 Find the GDB manual and other documentation resources online at:
      <http://www.gnu.org/software/gdb/documentation/>.
 
 For help, type "help".
 Type "apropos word" to search for commands related to "word"...
 Reading symbols from /usr/pkg/bin/gnumeric...
 (No debugging symbols found in /usr/pkg/bin/gnumeric)
 (gdb) run
 Starting program: /usr/pkg/bin/gnumeric
 [New LWP 1771 of process 10389]
 [New LWP 28988 of process 10389]
 [New LWP 21892 of process 10389]
 [New LWP 8735 of process 10389]
 
 (gnumeric:10389): GVFS-RemoteVolumeMonitor-WARNING **: 09:37:26.260: cannot open directory /usr/pkg/share/gvfs/remote-volume-monitors: Falló al abrir 
 la carpeta «/usr/pkg/share/gvfs/remote-volume-monitors»: No such file or directory
 [New LWP 27385 of process 10389]
 
 Thread 1 "" received signal SIGSEGV, Segmentation fault.
 0x0000fde79e13a13c in fmt_fp (f=f@entry=0xfde796a92400, y=inf, y@entry=0,
      w=w@entry=1, p=<optimized out>, p@entry=0, fl=fl@entry=536870918,
      t=t@entry=70) at math/go-dtoa.c:249
 249			*z = y;
 (gdb)
 (gdb) list
 244		if (e2<0) a=r=z=big;
 245	/*else a=r=z=big+sizeof(big)/sizeof(*big) - LDBL_MANT_DIG - 1;*/
 246		else a=r=z=big+sizeof(big)/sizeof(*big) - (LDBL_MANT_DIG+28)/9 - 1;
 247	
 248		do {
 249			*z = y;
 250			y = 1000000000*(y-*z++);
 251		} while (y);
 252	
 253		while (e2>0) {
 (gdb)
 
 Regards.
 Ramiro.