Bug 193915
Summary: | dvipdfm buffer overflow | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Creo <creolophus> | ||||||||||
Component: | tetex | Assignee: | Jindrich Novy <jnovy> | ||||||||||
Status: | CLOSED RAWHIDE | QA Contact: | David Lawrence <dkl> | ||||||||||
Severity: | high | Docs Contact: | |||||||||||
Priority: | medium | ||||||||||||
Version: | 5 | CC: | pknirsch | ||||||||||
Target Milestone: | --- | ||||||||||||
Target Release: | --- | ||||||||||||
Hardware: | i686 | ||||||||||||
OS: | Linux | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2006-06-26 13:49:42 UTC | Type: | --- | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Attachments: |
|
Description
Creo
2006-06-02 21:28:18 UTC
Works for me: $ dvipdfm file.dvi file.dvi -> file.pdf [1] 11445 bytes written Could you attach a dvi file that makes dvipdfm crash? Created attachment 131009 [details]
A sample .dvi file
This is a simple .dvi file obtained by running TeX on a .tex file which
contains the following:
hi
\bye
Sorry, I'm still unable to reproduce it even if I installed tetex to a new clean FC5 chroot and updated tetex to 3.0.19.fc5. Could you please install: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/i386/debug/tetex-debuginfo-3.0-19.fc5.i386.rpm and send me a backtrace including debug info? I mean the output of: gdb --args dvipdfm file.dvi run bt Created attachment 131095 [details]
dvipdfm backtrace
This is a backtrace on the test.dvi attached earlier
thank you for following this up :)
whoops! the backtrace that i posted was NOT for tetex-debuginfo-3.0-19.fc5.i386.rpm :( will install the package with debuginfo and post the backtrace soon Created attachment 131116 [details]
dvipdfm backtrace
This is a backtrace by running dvipdfm on test.dvi (mentioned earlier)
(note:
[user@localhost ~]$ rpm -q tetex
tetex-3.0-19.fc5
[user@localhost ~]$ rpm -q tetex-debuginfo
tetex-debuginfo-3.0-19.fc5
)
Created attachment 131117 [details]
Patch to fix the buffer overflow.
Thanks, I can see it from the code now. It's an obvious sprintf buffer
overflow. The size of date_string should be larger of one byte.
The patch is now applied in devel tetex-3.0-26. thank you so much! |