Bug#734939: texlive-binaries: synctex view with -x crashes consistently
Hi Peter, hi Karl,
on Debian we got a bug report that the synctex main binary crashes:
On Fr, 10 Jan 2014, Sebastian Ramacher wrote:
> I was trying to use "synctex view" with the optional -x argument, but
> already a simple "syntex view -i input -o output -x echo" segfaults.
> This is caused by an missing 0 in the string passed to system
> (texk/web2c/synctexdir/synctex_main.c:469).
>
> If that is fixed, synctex segfaults later while trying to parse more
> optional arguments which are not there.
>
> The attached patch fixes both issue. Please consider applying the patch
> or fixing the issues in another way.
I attach the patch, too.
I checked and it still applies against the current svn sources in TeX Live.
What do you think?
Thanks,
Norbert
------------------------------------------------------------------------
PREINING, Norbert http://www.preining.info
JAIST, Japan TeX Live & Debian Developer
DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
------------------------------------------------------------------------
--- a/texk/web2c/synctexdir/synctex_main.c
+++ b/texk/web2c/synctexdir/synctex_main.c
@@ -304,11 +304,11 @@
if(++arg_index<argc) {
goto option_command;
} else {
- synctex_view_proceed(&Ps);
+ return synctex_view_proceed(&Ps);
}
} else {
Ps.directory = getenv("SYNCTEX_BUILD_DIRECTORY");
- synctex_view_proceed(&Ps);
+ return synctex_view_proceed(&Ps);
}
}
option_command:
@@ -320,7 +320,7 @@
if(++arg_index<argc) {
goto option_hint;
} else {
- synctex_view_proceed(&Ps);
+ return synctex_view_proceed(&Ps);
}
} else {
/* retrieve the environment variable */
@@ -329,7 +329,7 @@
}
} else {
Ps.viewer = getenv("SYNCTEX_VIEWER");
- synctex_view_proceed(&Ps);
+ return synctex_view_proceed(&Ps);
}
}
option_hint:
@@ -347,7 +347,7 @@
*Ps.after = '\0';
if(Ps.offset<strlen(Ps.middle)) {
++Ps.after;
- synctex_view_proceed(&Ps);
+ return synctex_view_proceed(&Ps);
}
}
}
@@ -460,11 +460,12 @@
break;
}
/* copy the rest of viewer into the buffer */
- if(buffer_cur != memcpy(buffer_cur,viewer,strlen(viewer))) {
+ if(buffer_cur != strncpy(buffer_cur,viewer,size + 1)) {
synctex_help_view("Memory copy problem");
free(buffer);
return -1;
}
+ buffer_cur[size] = '\0';
printf("SyncTeX: Executing\n%s\n",buffer);
status = system(buffer);
free(buffer);
Reply to: