[tex-k] patch to fix dvips crashes on macos with clang
Tomas Rokicki
rokicki at gmail.com
Mon Aug 7 05:34:49 CEST 2017
This change looks good. I wonder if there are any other such places in the
code; I remember using that trick a few places.
On Sun, Aug 6, 2017 at 4:40 PM, Darrin B. Jewell <dbj at mit.edu> wrote:
>
> I compiled dvips on a macos system running a recent clang:
>
> $ sw_vers
> ProductName: Mac OS X
> ProductVersion: 10.12.5
> BuildVersion: 16F2073
>
> $ uname -a
> Darwin Quiteria.local 16.6.0 Darwin Kernel Version 16.6.0: Fri Apr 14
> 16:13:31 PDT 2017; root:xnu-3789.60.24~4/RELEASE_X86_64 x86_64
>
> $ clang --version
> Apple LLVM version 8.1.0 (clang-802.0.42)
> Target: x86_64-apple-darwin16.6.0
> Thread model: posix
>
> $ xcodebuild -version
> Xcode 8.3.3
> Build version 8E3004b
>
> Unfortunately, dvips crashes with an abort in strcpy (__strcpy_chk)
> because the clang compiler and libraries are adding extra buffer overflow
> checks in the implementation of strcpy when copying into the colordat
> field of struct colorpage. Since the code treats this as a variable
> length field by mallocing extra room in the struct, the easy fix is
> to use the C99 syntax for specifying variable length fields in
> the end of structs.
>
> The patch below fixes the problem.
>
> Thanks,
> Darrin
>
> *** texlive-20170524-source.dist/texk/dvipsk/color.c 2016-11-25
> 10:08:46.000000000 -0800
> --- texlive-20170524-source/texk/dvipsk/color.c 2017-08-06
> 16:31:59.000000000 -0700
> ***************
> *** 37,43 ****
> struct colorpage *next;
> integer boploc; /* we use the bop loc as a page indicator */
> char *bg;
> ! char colordat[2];
> } *colorhash[COLORHASH];
> static char *cstack, *csp, *cend, *bg;
> /*
> --- 37,43 ----
> struct colorpage *next;
> integer boploc; /* we use the bop loc as a page indicator */
> char *bg;
> ! char colordat[];
> } *colorhash[COLORHASH];
> static char *cstack, *csp, *cend, *bg;
> /*
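Review bot: The new `char colordat[];` member in struct colorpage has no comment saying that its storage is the extra space requested by the mymalloc call near line 216, so the declaration and the allocation can drift apart unnoticed. Add a one-line comment on the member that points at that allocation. A flexible array member also requires a C99 compiler and no longer contributes to sizeof(struct colorpage), so every other use of that sizeof should be checked before this is applied.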
> ***************
> *** 216,222 ****
> }
> } else {
> p = (struct colorpage *)mymalloc((integer)
> ! (strlen(cstack) + sizeof(struct colorpage) +
> MAXCOLORLEN));
> p->next = colorhash[h];
> p->boploc = pageloc;
> strcpy(p->colordat, cstack);
> --- 216,222 ----
> }
> } else {
> p = (struct colorpage *)mymalloc((integer)
> ! (strlen(cstack) + sizeof(struct colorpage) +
> MAXCOLORLEN + 2));
> p->next = colorhash[h];
> p->boploc = pageloc;
> strcpy(p->colordat, cstack);
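Review bot: The `+ 2` added to the mymalloc size is an unexplained magic number: it stands in for the two bytes that `colordat[2]` used to contribute to sizeof(struct colorpage), but nothing on the line says so. Either add a comment or write the terminator explicitly, as strlen(cstack) + 1 + sizeof(struct colorpage) + MAXCOLORLEN, so the byte that `strcpy(p->colordat, cstack)` needs for the NUL is visibly accounted for. The whole sum is also cast to integer before it reaches mymalloc, so it is worth confirming that a long cstack cannot make that value wrap.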
>
--
-- http://cube20.org/ -- http://golly.sf.net/ --
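The struct-hack versus flexible-array-member change described in the quoted report, as an added C example that is not part of the original messages or of dvips. The names page_old, page_new, old_capacity, new_capacity and page_new_create are hypothetical, and long stands in for dvips's integer type.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for struct colorpage; long replaces dvips's integer. */
struct page_old {              /* pre-C99 "struct hack" */
    struct page_old *next;
    long boploc;
    char *bg;
    char colordat[2];          /* declared size 2, which a checked strcpy can enforce */
};
struct page_new {              /* C99 flexible array member */
    struct page_new *next;
    long boploc;
    char *bg;
    char colordat[];           /* no declared size; contributes nothing to sizeof */
};

/* Bytes usable from colordat onward after malloc(sizeof(struct) + extra). */
size_t old_capacity(size_t extra) {
    return sizeof(struct page_old) + extra - offsetof(struct page_old, colordat);
}
size_t new_capacity(size_t extra) {
    return sizeof(struct page_new) + extra - offsetof(struct page_new, colordat);
}

/* Allocate a node holding a copy of s plus slack spare bytes (NUL counted). */
struct page_new *page_new_create(const char *s, size_t slack) {
    size_t len = strlen(s);
    size_t fixed = sizeof(struct page_new) + 1;   /* header + terminator */
    if (slack > SIZE_MAX - fixed || len > SIZE_MAX - fixed - slack)
        return NULL;                              /* size would wrap */
    struct page_new *p = malloc(fixed + len + slack);
    if (p == NULL) return NULL;
    p->next = NULL;
    p->boploc = 0;
    p->bg = NULL;
    memcpy(p->colordat, s, len + 1);              /* length known, copy NUL too */
    return p;
}

int main(void) {
    struct page_new *p = page_new_create("rgb 1 0 0", 4);  /* constructed input */
    printf("old %zu, new %zu bytes for extra=16\n", old_capacity(16), new_capacity(16));
    printf("colordat = %s\n", p ? p->colordat : "(alloc failed)");
    free(p);
    return 0;
}
```

The difference between the two capacities is the declared two-byte array plus any tail padding, which is the space that switching to a flexible array member removes from sizeof.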