Bug 193915 - dvipdfm buffer overflow
Summary: dvipdfm buffer overflow
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: tetex
Version: 5
Hardware: i686
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jindrich Novy
QA Contact: David Lawrence
 
Reported: 2006-06-02 21:28 UTC by Creo
Modified: 2013-07-02 23:15 UTC (History)

Doc Type: Bug Fix
Last Closed: 2006-06-26 13:49:42 UTC


Attachments
A sample .dvi file (208 bytes, application/octet-stream)
2006-06-15 22:32 UTC, Creo
dvipdfm backtrace (3.64 KB, text/plain)
2006-06-17 11:38 UTC, Creo
dvipdfm backtrace (3.53 KB, text/plain)
2006-06-18 09:10 UTC, Creo
Patch to fix the buffer overflow. (385 bytes, patch)
2006-06-18 12:54 UTC, Jindrich Novy

Description Creo 2006-06-02 21:28:18 UTC
Description of problem:

The dvipdfm program produces an error *every time* it is run on a .dvi file

Version-Release number of selected component (if applicable):

tetex 3.0.17 (fc5 default)
tetex 3.0.19 (fc5 update - from fedora repository as on june 3, 2006)

How reproducible:

Prepare a .dvi file and run 'dvipdfm' on it to get an error

Steps to Reproduce:
1. prepare a tex/latex file
2. run it through tex/latex to get .dvi file
3. dvipdfm tex/latex file
  
Actual results:

[user@localhost ~]$ dvipdfm test2.dvi

test2.dvi -> test2.pdf
[1]*** buffer overflow detected ***: dvipdfm terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x710965]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x7101e8]
/lib/libc.so.6(_IO_default_xsputn+0x9c)[0x6957e8]
/lib/libc.so.6(_IO_vfprintf+0xfb0)[0x6700a9]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x710289]
/lib/libc.so.6(__sprintf_chk+0x30)[0x7101dc]
dvipdfm[0x804e850]
dvipdfm[0x80629a8]
/lib/libc.so.6(__libc_start_main+0xdc)[0x64a7e4]
dvipdfm[0x8049b91]
======= Memory map: ========
00618000-00631000 r-xp 00000000 03:03 1525112    /lib/ld-2.4.so
00631000-00632000 r-xp 00018000 03:03 1525112    /lib/ld-2.4.so
00632000-00633000 rwxp 00019000 03:03 1525112    /lib/ld-2.4.so
00635000-00761000 r-xp 00000000 03:03 1525113    /lib/libc-2.4.so
00761000-00764000 r-xp 0012b000 03:03 1525113    /lib/libc-2.4.so
00764000-00765000 rwxp 0012e000 03:03 1525113    /lib/libc-2.4.so
00765000-00768000 rwxp 00765000 00:00 0
00797000-007a9000 r-xp 00000000 03:03 1907640    /usr/lib/libz.so.1.2.3
007a9000-007aa000 rwxp 00011000 03:03 1907640    /usr/lib/libz.so.1.2.3
0095d000-00984000 r-xp 00000000 03:03 1889025    /usr/lib/libpng12.so.0.1.2.8
00984000-00985000 rwxp 00026000 03:03 1889025    /usr/lib/libpng12.so.0.1.2.8
00a2c000-00a37000 r-xp 00000000 03:03 1525118    /lib/libgcc_s-4.1.0-20060304.so.1
00a37000-00a38000 rwxp 0000a000 03:03 1525118    /lib/libgcc_s-4.1.0-20060304.so.1
00a5e000-00a5f000 r-xp 00a5e000 00:00 0          [vdso]
00d8a000-00dad000 r-xp 00000000 03:03 1523577    /lib/libm-2.4.so
00dad000-00dae000 r-xp 00022000 03:03 1523577    /lib/libm-2.4.so
00dae000-00daf000 rwxp 00023000 03:03 1523577    /lib/libm-2.4.so
08048000-0808a000 r-xp 00000000 03:03 1886170    /usr/bin/dvipdfm
0808a000-0808d000 rw-p 00042000 03:03 1886170    /usr/bin/dvipdfm
0808d000-08095000 rw-p 0808d000 00:00 0
093b6000-09490000 rw-p 093b6000 00:00 0          [heap]
b7fc3000-b7fc5000 rw-p b7fc3000 00:00 0
b7fdb000-b7fdc000 rw-p b7fdb000 00:00 0
b7fdd000-b7fe0000 rw-p b7fdd000 00:00 0
bfccb000-bfce0000 rw-p bfccb000 00:00 0          [stack]
Aborted

Expected results:

A .pdf which is similar to the input .dvi file

Additional info:

Comment 1 Jindrich Novy 2006-06-03 11:04:21 UTC
Works for me:

$ dvipdfm file.dvi

file.dvi -> file.pdf
[1]
11445 bytes written

Could you attach a dvi file that makes dvipdfm crash?

Comment 2 Creo 2006-06-15 22:32:07 UTC
Created attachment 131009 [details]
A sample .dvi file

This is a simple .dvi file obtained by running TeX on a .tex file which
contains the following:

hi
\bye

Comment 3 Jindrich Novy 2006-06-16 05:02:39 UTC
Sorry, I'm still unable to reproduce it even after I installed tetex into a new clean
FC5 chroot and updated tetex to 3.0.19.fc5.

Could you please install:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/i386/debug/tetex-debuginfo-3.0-19.fc5.i386.rpm

and send me a backtrace including debug info?

I mean the output of:

gdb --args dvipdfm file.dvi
run
bt


Comment 4 Creo 2006-06-17 11:38:35 UTC
Created attachment 131095 [details]
dvipdfm backtrace

This is a backtrace on the test.dvi attached earlier

thank you for following this up :)

Comment 5 Creo 2006-06-17 11:42:04 UTC
Whoops! The backtrace that I posted was NOT for
tetex-debuginfo-3.0-19.fc5.i386.rpm :(

will install the package with debuginfo and post the backtrace soon 

Comment 6 Creo 2006-06-18 09:10:32 UTC
Created attachment 131116 [details]
dvipdfm backtrace

This is a backtrace by running dvipdfm on test.dvi (mentioned earlier)

(note: 
[user@localhost ~]$ rpm -q tetex
tetex-3.0-19.fc5
[user@localhost ~]$ rpm -q tetex-debuginfo
tetex-debuginfo-3.0-19.fc5
)

Comment 7 Jindrich Novy 2006-06-18 12:54:17 UTC
Created attachment 131117 [details]
Patch to fix the buffer overflow.

Thanks, I can see it from the code now. It's an obvious sprintf buffer
overflow. The size of date_string should be larger by one byte.

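The off-by-one described in Comment 7, shown as an added C example rather than dvipdfm's own code or the attached patch: a date buffer sized for the characters of the string but not for the terminating NUL, so sprintf() writes one byte past the end, which is exactly what glibc's fortified __sprintf_chk turns into "*** buffer overflow detected ***" in the backtrace above. The 23-character PDF date layout D:YYYYMMDDHHmmSSOHH'mm' comes from the PDF specification; the function name format_pdf_date, the check helpers and the sample timestamp are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* A PDF date string is D:YYYYMMDDHHmmSSOHH'mm', i.e. 23 characters.
 * Storing it needs 24 bytes: 23 for the text plus one for the NUL. */
#define PDF_DATE_LEN 23
#define PDF_DATE_BUF (PDF_DATE_LEN + 1)

/* The bug pattern (illustrative, never compiled): the buffer holds the 23
 * characters but sprintf() also writes the terminator into byte 24. With
 * -D_FORTIFY_SOURCE the call becomes __sprintf_chk(), which knows the
 * destination is 23 bytes, sees 24 being written, and calls __chk_fail(). */
#if 0
static char date_string[PDF_DATE_LEN];               /* one byte too small */
sprintf(date_string, "D:%04d%02d%02d%02d%02d%02d%c%02d'%02d'", /* ... */);
#endif

/* Hardened form: bounded write, explicit size check, caller learns about
 * truncation instead of the stack or .bss being corrupted.
 * Returns the number of characters written, or -1 if buf is too small.
 * When size > 0 the buffer is always NUL-terminated on return. */
int format_pdf_date(char *buf, size_t size, const struct tm *t, int utc_off_minutes)
{
    char sign = utc_off_minutes < 0 ? '-' : (utc_off_minutes > 0 ? '+' : 'Z');
    int off = utc_off_minutes < 0 ? -utc_off_minutes : utc_off_minutes;
    int n = snprintf(buf, size, "D:%04d%02d%02d%02d%02d%02d%c%02d'%02d'",
                     t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
                     t->tm_hour, t->tm_min, t->tm_sec,
                     sign, off / 60, off % 60);
    if (n < 0 || (size_t)n >= size)
        return -1;            /* would not fit: report instead of overflowing */
    return n;
}

/* Constructed sample time for the demo: 2006-06-18 12:54:17 at UTC+02:00. */
static struct tm sample_time(void)
{
    struct tm t;
    memset(&t, 0, sizeof t);
    t.tm_year = 2006 - 1900;
    t.tm_mon = 5;             /* June: tm_mon is zero-based */
    t.tm_mday = 18;
    t.tm_hour = 12;
    t.tm_min = 54;
    t.tm_sec = 17;
    return t;
}

/* 1 if a correctly sized (24-byte) buffer receives the full 23-char string. */
int check_exact_fit(void)
{
    struct tm t = sample_time();
    char buf[PDF_DATE_BUF];
    int n = format_pdf_date(buf, sizeof buf, &t, 120);
    return n == PDF_DATE_LEN && strcmp(buf, "D:20060618125417+02'00'") == 0;
}

/* 1 if the one-byte-short buffer from the bug is rejected (return -1) and
 * still left NUL-terminated, rather than written past its end. */
int check_one_byte_short(void)
{
    struct tm t = sample_time();
    char buf[PDF_DATE_LEN];   /* the off-by-one size */
    int n = format_pdf_date(buf, sizeof buf, &t, 120);
    return n == -1 && buf[PDF_DATE_LEN - 1] == '\0';
}

int main(void)
{
    printf("exact fit ok: %d, short buffer rejected: %d\n",
           check_exact_fit(), check_one_byte_short());
    return 0;
}
```

Growing the array by one byte, as the patch in Comment 7 does, is the correct minimal fix; switching to snprintf() with a size check is the belt-and-braces version, because a later change to the format string (for example a wider timezone field) would again be caught at the call site instead of relying on FORTIFY_SOURCE to abort at run time.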
Comment 8 Jindrich Novy 2006-06-24 19:06:49 UTC
The patch is now applied in devel tetex-3.0-26.

Comment 9 Creo 2006-06-27 20:18:07 UTC
thank you so much!

