Bug#602566: dvi2ps segfault based on bug in libkpathsea
Dear all, esp Karl,
Details can be found in Debian bug report 602566
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602566
dvi2ps dumps core on a simple dvi file on mipsel arch, quoting an
email in the bug report:
> The bug seems to come from libkpathsea5 and not from dvi2ps. It exists
> on all platforms (at least also on AMD64) but does not trigger a
> segfault. It comes from the kpse_set_suffixes function in the
> libkpathsea compatibility API which calls the kpathsea_set_suffixes
> function and passes to it its variable list of arguments. This operation
> is invalid in C.
In the bug report there is also a backtrace of the segfault and
two patches by Mathias Kende, quoting his email:
> The first patch duplicates some code in tex-file.c (approx. 15 lines),
> but is smaller and simpler. The second creates a helper function which
> reads properly a "va_list" list of arguments. Choose your preferred one.
I attach the two patches; both apply (with some fuzziness) to the current
sources in TeX Live.
What do others think?
Best wishes
Norbert
------------------------------------------------------------------------
Norbert Preining preining@{jaist.ac.jp, logic.at, debian.org}
JAIST, Japan TeX Live & Debian Developer
DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
------------------------------------------------------------------------
BURNT YATES
Condition to which yates (q.v.) will suddenly pass without any
apparent interviewing period, after the spirit of the throckmorton
(q.v.) has finally been summoned by incessant throcking (q.v.)
--- Douglas Adams, The Meaning of Liff
--- a/texlive-bin-2009/texk/kpathsea/tex-file.c 2009-06-23 15:50:13.000000000 +0200
+++ b/texlive-bin-2009/texk/kpathsea/tex-file.c 2010-11-08 15:41:50.000000000 +0100
@@ -346,20 +346,34 @@
(*list)[count] = NULL;
}
-
#if defined (KPSE_COMPAT_API)
+/* it is impossible to pass around a list of (variable) arguments. */
void
kpse_set_suffixes (kpse_file_format_type format,
boolean alternate, ...)
{
+ const_string **list;
+ const_string s;
+ int count = 0;
va_list ap;
+
+ if (alternate) {
+ list = &(kpse_def->format_info[format].alt_suffix);
+ } else {
+ list = &(kpse_def->format_info[format].suffix);
+ }
+
va_start (ap, alternate);
- kpathsea_set_suffixes (kpse_def, format, alternate, ap);
+ while ((s = va_arg (ap, string)) != NULL) {
+ count++;
+ XRETALLOC (*list, count + 1, const_string);
+ (*list)[count - 1] = s;
+ }
va_end (ap);
+ (*list)[count] = NULL;
}
#endif
-
/* The path spec we are defining, one element of the global array. */
#define FMT_INFO (kpse->format_info[format])
/* Call kpse_set_add_suffixes. */
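Review bot: The terminator store `(*list)[count] = NULL;` after the loop also runs when the first variadic argument is NULL; XRETALLOC has then never been called, and if the format has no suffix list yet the write goes through a null pointer (whether `*list` can be NULL at this point is not visible in the hunk). Allocating before the store covers that case: `if (count == 0) XRETALLOC (*list, 1, const_string);`. The body is a copy of the loop in kpathsea_set_suffixes, and the second patch keeps the same store in kpathsea_set_suffixes_va_list, so the guard belongs there as well. The added comment would be more accurate as `/* A va_list cannot be forwarded to a function declared with "..."; read the arguments here instead. */`.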
--- a/texlive-bin-2009/texk/kpathsea/tex-file.c 2010-11-08 16:37:04.000000000 +0100
+++ b/texlive-bin-2009/texk/kpathsea/tex-file.c 2010-11-08 16:41:08.000000000 +0100
@@ -321,14 +321,13 @@
/* Some file types have more than one suffix, and sometimes it is
convenient to modify the list of searched suffixes. */
-void
-kpathsea_set_suffixes (kpathsea kpse, kpse_file_format_type format,
- boolean alternate, ...)
+static void
+kpathsea_set_suffixes_va_list(kpathsea kpse, kpse_file_format_type format,
+ boolean alternate, va_list ap)
{
const_string **list;
const_string s;
int count = 0;
- va_list ap;
if (alternate) {
list = &(kpse->format_info[format].alt_suffix);
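Review bot: The new static helper kpathsea_set_suffixes_va_list has no comment describing its contract, and the existing "Some file types have more than one suffix" comment now sits above the helper rather than the public kpathsea_set_suffixes. A comment such as `/* Read NULL-terminated suffix strings from AP; the caller does va_start/va_end and must not reuse AP after the call. */` would state what the caller owes. The definition also writes `kpathsea_set_suffixes_va_list(` without the space before the parenthesis that the other calls in this patch use. The helper's body continues past the end of this hunk.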
@@ -336,16 +335,24 @@
list = &(kpse->format_info[format].suffix);
}
- va_start (ap, alternate);
while ((s = va_arg (ap, string)) != NULL) {
count++;
XRETALLOC (*list, count + 1, const_string);
(*list)[count - 1] = s;
}
- va_end (ap);
(*list)[count] = NULL;
}
+void
+kpathsea_set_suffixes (kpathsea kpse, kpse_file_format_type format,
+ boolean alternate, ...)
+{
+ va_list ap;
+ va_start (ap, alternate);
+ kpathsea_set_suffixes_va_list (kpse, format, alternate, ap);
+ va_end (ap);
+}
+
#if defined (KPSE_COMPAT_API)
void
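Review bot: The public variadic kpathsea_set_suffixes added at the end of this hunk does not document how its argument list must end. The helper reads each argument with `va_arg (ap, string)` until it sees NULL, so the last argument has to be a pointer-typed null; a bare `0`, or a `NULL` that expands to an integer constant, is not guaranteed to be read back as a null pointer where int and pointers differ in size. Suggested comment above the function: `/* The suffix arguments are strings; the list must end with a pointer-typed NULL, e.g. (string) NULL. */`.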
@@ -354,7 +361,7 @@
{
va_list ap;
va_start (ap, alternate);
- kpathsea_set_suffixes (kpse_def, format, alternate, ap);
+ kpathsea_set_suffixes_va_list (kpse_def, format, alternate, ap);
va_end (ap);
}
#endif