[tex-k] (fwd) Bug#633011: /usr/bin/tex crashes on every *.tex file

Norbert Preining preining at logic.at
Fri Jul 8 08:56:23 CEST 2011


Hi everyone here,

here at Debian we got an interesting bug report, and I can 
confirm it. tex binary (I know, it is the one from 2009)
crashes with seg fault on an empty file. That seems to have
been introduced with a new compiler or linker.

The OP (big thanks) also proposes a patch.

I checked current TL development sources and the respective code is
still present in
	enctex.ch
where at line 14 it is 
	mubyte_cswrite: array [0..127] of pointer;
and then in line 45
	for i:=0 to 128 do mubyte_cswrite[i]:=null;

Is there an opinion on that?

Thanks a lot and all the best

Norbert



----- Forwarded message from Roderich Schupp <roderich.schupp at googlemail.com> -----

> From: Roderich Schupp <roderich.schupp at googlemail.com>
> Subject: Bug#633011: /usr/bin/tex crashes on every *.tex file
> To: Debian Bug Tracking System <submit at bugs.debian.org>
> 
> Package: texlive-binaries
> Version: 2009-8+b1
> Severity: normal
> Tags: sid
> 
> To reproduce
> 
> $ > foo.tex                     # but any other .tex file will do
> $ tex foo.tex
> This is TeX, Version 3.1415926 (TeX Live 2009/Debian)
> Segmentation fault
> 
> This is due to a longstanding off-by-one error during initialization (even
> before loading a .fmt file):
> 
> In Web (Pascal) source we have
> 
>   mubyte_cswrite: array [0..127] of pointer;
> 
> and later this array is initialized with
> 
>   for i:=0 to 128 do mubyte_cswrite[i]:=null;
> 
> Why hasn't this caused any problems before the latest (2009-8+b1) bin-NMU?
> My guess is that the GNU linker now produces another memory layout.
> Note that in the generated C source global variables like the above array are
> only declared "extern halfword mubytecswrite[128]", but are never defined.
> Hence their linkage is "common" and the linker is free to use any layout.
> For me mubytecswrite [128] is at the same address as extramembot (C variable
> names)
> and the latter then has the value -268435455L (that's what's used for Pascal's
> "null").
> This is very unfortunate because extramembot is supposed to be positive and
> this leads to totally bogus pointer calculations resulting in a segfault.
> 
> Suggested patch attached.
> 
> Cheers, Roderich
> 

> --- a/texk/web2c/tex.ch	2011-07-07 21:26:55.779344956 +0200
> +++ b/texk/web2c/tex.ch	2009-08-12 23:40:14.000000000 +0200
> @@ -371,7 +371,7 @@
>  {Initialize enc\TeX\ data.}
>  for i:=0 to 255 do mubyte_read[i]:=null;
>  for i:=0 to 255 do mubyte_write[i]:=0;
> -for i:=0 to 128 do mubyte_cswrite[i]:=null;
> +for i:=0 to 127 do mubyte_cswrite[i]:=null;
>  mubyte_keep := 0; mubyte_start := false; 
>  write_noexpanding := false; cs_converting := false;
>  special_printing := false; message_printing := false;
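Review bot: The corrected bound on the mubyte_cswrite loop is still a bare literal that has to agree with the separate declaration `array [0..127] of pointer`, which is exactly the mismatch that caused this bug. Consider defining the upper bound once (for example with a WEB `@d` macro) and using it in both the declaration and this loop, so the two cannot drift apart again.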
> --- a/texk/web2c/xetexdir/xetex.ch	2011-07-07 21:26:55.779344956 +0200
> +++ b/texk/web2c/xetexdir/xetex.ch	2011-07-07 21:26:55.779344956 +0200
> @@ -335,7 +335,7 @@
>  {Initialize enc\TeX\ data.}
>  for i:=0 to 255 do mubyte_read[i]:=null;
>  for i:=0 to 255 do mubyte_write[i]:=0;
> -for i:=0 to 128 do mubyte_cswrite[i]:=null;
> +for i:=0 to 127 do mubyte_cswrite[i]:=null;
>  mubyte_keep := 0; mubyte_start := false;
>  write_noexpanding := false; cs_converting := false;
>  special_printing := false; message_printing := false;
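Review bot: The mubyte_cswrite loop fixed here in xetex.ch is a duplicate of the one in tex.ch, and the cover message reports the same `for i:=0 to 128` at line 45 of enctex.ch in current TL development sources, which this patch does not touch. The fix should be applied there as well, and it is worth searching the other change files for further copies of this initialisation block.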


----- End forwarded message -----

------------------------------------------------------------------------
Norbert Preining            preining@{jaist.ac.jp, logic.at, debian.org}
JAIST, Japan                                 TeX Live & Debian Developer
DSA: 0x09C5B094   fp: 14DF 2E6C 0307 BE6D AD76  A9C0 D2BF 4AA3 09C5 B094
------------------------------------------------------------------------
SLOGARIE (n.)
Hillwalking dialect for the seven miles of concealed rough moorland
which lie between what you thought was the top of the hill and what
actually is.
			--- Douglas Adams, The Meaning of Liff
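
Added example, not part of the original message or of TeX Live: a C model of the failure the forwarded report describes, where one flat region stands in for the linker layout that placed extramembot directly after mubytecswrite[127]. The region layout, the function names and the sample value 1000 are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>

/* Constructed model: the 128-entry table and its neighbour share one region,
   mimicking the layout the report observed. Not TeX Live source. */
typedef int32_t halfword;
#define TEX_NULL      (-268435455L)  /* value the report gives for Pascal's "null" */
#define CSWRITE_LEN   128            /* array [0..127] */
#define NEIGHBOUR_IDX CSWRITE_LEN    /* assumed slot of extramembot */

static halfword region[CSWRITE_LEN + 1];

/* Initialise entries 0..last inclusive, like Pascal's `for i:=0 to last`. */
static void init_cswrite(int last) {
    for (int i = 0; i <= last; i++)
        region[i] = TEX_NULL;
}

/* Set the neighbour, run the init loop, return what the neighbour holds after. */
halfword neighbour_after_init(int last, halfword extra_mem_bot) {
    region[NEIGHBOUR_IDX] = extra_mem_bot;
    init_cswrite(last);
    return region[NEIGHBOUR_IDX];
}

/* Defensive variant: reject a bound that does not fit the declared table. */
int init_cswrite_checked(int last) {
    if (last < 0 || last >= CSWRITE_LEN)
        return -1;
    init_cswrite(last);
    return 0;
}

int main(void) {
    /* 1000 is a constructed positive value for extramembot. */
    printf("to 128: neighbour = %ld\n", (long)neighbour_after_init(128, 1000));
    printf("to 127: neighbour = %ld\n", (long)neighbour_after_init(127, 1000));
    printf("checked(128) = %d\n", init_cswrite_checked(128));
    return 0;
}
```

On a real `halfword mubytecswrite[128]` rather than this model, building with GCC or Clang's `-fsanitize=bounds` reports the index-128 store at run time regardless of what the linker placed next to the array.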

