Bug 49848
| Summary: | povray segfaults on incorrect #macro definition | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Powertools | Reporter: | David Nečas <yeti> |
| Component: | povray | Assignee: | bero |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.1 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2002-01-17 15:27:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I getting in tough with the maintainers of povray on this. You may want to do the same. Tim The bug is near line 3153 tokenize.c (function Parse_Macro) you find New->Macro_Filename = NULL; New->Macro_Name=POV_STRDUP(Token.Token_String); GET (LEFT_PAREN_TOKEN); New->Num_Of_Pars=0; /* <<== BUG! */ change the order to New->Num_Of_Pars=0; /* Move here! */ New->Macro_Filename = NULL; New->Macro_Name=POV_STRDUP(Token.Token_String); GET (LEFT_PAREN_TOKEN); This should fix the crash later on in Destroy_Macro. -- Thorsten Froehlich, POV-Team Thanks for the patch - unfortunately powertools has been discontinued, so there's no next release to fix this in. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.19 i686; en-US; rv:0.9.1) Gecko/20010607 Description of problem: povray segfaults on a #macro definition lacking the () paramter parenthesis. However, not on every such a #macro, it depends on statements preceeding the bad #macro. How reproducible: Always Steps to Reproduce: 1. Create a file crash-me.pov with following content: #include "colors.inc" #declare Description = "16bit heightfiled, rough, no smoothing" #declare FileName = "small" #declare LSDistance = 30; #macro LightSource0 light_source{<2*LSDistance,LSDistance,0> White} #end 2. run $ x-povray +Icrash-me.pov +Ocrash-me.png Actual Results: It prints following output and segfaults: Persistence of Vision(tm) Ray Tracer Version 3.1g.Linux.gcc This is an unofficial version compiled by: Red Hat Software <http://www.redhat.com> The POV-Ray Team(tm) is not responsible for supporting this version. Copyright 1999 POV-Ray Team(tm) Parsing Options Input file: crash-me.pov (compatible to version 3.1) Remove bounds........On Split unions........Off Library paths: /usr/lib/povray31 /usr/lib/povray31/include Output Options Image resolution 320 by 240 (rows 1 to 240, columns 1 to 320). Output file: crash-me.png, 24 bpp PNG Graphic display.....Off Mosaic preview......Off CPU usage histogram.Off Continued trace.....Off Allow interruption...On Pause when done.....Off Verbose messages....Off Tracing Options Quality: 9 Bounding boxes.......On Bounding threshold: 25 Light Buffer.........On Vista Buffer.........On Antialiasing........Off Radiosity...........Off Animation Options Clock value.... 0.000 (Animation off) Redirecting Options All Streams to console..........On Debug Stream to console.........On Fatal Stream to console.........On Render Stream to console........On Statistics Stream to console....On Warning Stream to console.......On Parsing....#declare LSDistance = 30; #macro LightSource0 light_source <----ERROR crash-me.pov:9: error: ( expected but light_source found instead. Segmentation fault (core dumped) Expected Results: Everything as in Actual results (including the error message at the end, which is correct), except the segfault. Additional info: Whether it crashes or not depends on what preceeds the bad #macro definition. So the example I send is one of the shortest files triggering the bug I was able to create, a #macro alone doesn't suffice.