From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.19 i686; en-US; rv:0.9.1) Gecko/20010607

Description of problem:
povray segfaults on a #macro definition lacking the () parameter parentheses. However, not on every such #macro; it depends on the statements preceding the bad #macro.

How reproducible:
Always

Steps to Reproduce:
1. Create a file crash-me.pov with the following content:

    #include "colors.inc"
    #declare Description = "16bit heightfiled, rough, no smoothing"
    #declare FileName = "small"
    #declare LSDistance = 30;
    #macro LightSource0
    light_source{<2*LSDistance,LSDistance,0> White}
    #end

2. Run

    $ x-povray +Icrash-me.pov +Ocrash-me.png

Actual Results:
It prints the following output and segfaults:

    Persistence of Vision(tm) Ray Tracer Version 3.1g.Linux.gcc
    This is an unofficial version compiled by:
    Red Hat Software <http://www.redhat.com>
    The POV-Ray Team(tm) is not responsible for supporting this version.
    Copyright 1999 POV-Ray Team(tm)
    Parsing Options
      Input file: crash-me.pov (compatible to version 3.1)
      Remove bounds........On Split unions........Off
      Library paths: /usr/lib/povray31 /usr/lib/povray31/include
    Output Options
      Image resolution 320 by 240 (rows 1 to 240, columns 1 to 320).
      Output file: crash-me.png, 24 bpp PNG
      Graphic display.....Off Mosaic preview......Off
      CPU usage histogram.Off Continued trace.....Off
      Allow interruption...On Pause when done.....Off
      Verbose messages....Off
    Tracing Options
      Quality: 9
      Bounding boxes.......On Bounding threshold: 25
      Light Buffer.........On Vista Buffer.........On
      Antialiasing........Off
      Radiosity...........Off
    Animation Options
      Clock value.... 0.000 (Animation off)
    Redirecting Options
      All Streams to console..........On
      Debug Stream to console.........On
      Fatal Stream to console.........On
      Render Stream to console........On
      Statistics Stream to console....On
      Warning Stream to console.......On
    Parsing....#declare LSDistance = 30; #macro LightSource0 light_source <----ERROR
    crash-me.pov:9: error: ( expected but light_source found instead.
    Segmentation fault (core dumped)

Expected Results:
Everything as in Actual Results (including the error message at the end, which is correct), except the segfault.

Additional info:
Whether it crashes or not depends on what precedes the bad #macro definition. So the example I send is one of the shortest files triggering the bug I was able to create; a #macro alone doesn't suffice.
I am getting in touch with the maintainers of povray on this. You may want to do the same.

Tim
The bug is near line 3153 in tokenize.c (function Parse_Macro), where you find

    New->Macro_Filename = NULL;
    New->Macro_Name=POV_STRDUP(Token.Token_String);
    GET (LEFT_PAREN_TOKEN);
    New->Num_Of_Pars=0; /* <<== BUG! */

Change the order to

    New->Num_Of_Pars=0; /* Move here! */
    New->Macro_Filename = NULL;
    New->Macro_Name=POV_STRDUP(Token.Token_String);
    GET (LEFT_PAREN_TOKEN);

This should fix the crash later on in Destroy_Macro.

-- Thorsten Froehlich, POV-Team
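Why the ordering matters, as a simplified model added here (not POV-Ray source, and not part of the comment above): if the parenthesis check bails out before the parameter count is set, cleanup later walks a garbage count. The struct, the helper names, `MAX_PARS`, the poison-fill allocator and the bounds guard in `destroy_macro` are all assumptions of this model.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_PARS 8                 /* assumed limit for this model */
typedef struct {
    char *filename, *name;
    int   num_of_pars;
    char *par_names[MAX_PARS];
} macro_t;

/* Models an allocator that does not zero memory: the poison byte makes the
   "garbage" deterministic instead of undefined. */
static macro_t *alloc_macro(void) {
    macro_t *m = malloc(sizeof *m);
    if (m) memset(m, 0xA5, sizeof *m);
    return m;
}

static char *dup_str(const char *s) {
    char *d = malloc(strlen(s) + 1);
    if (d) strcpy(d, s);
    return d;
}

/* Stand-in for GET(LEFT_PAREN_TOKEN): fails unless the next token is '('. */
static int expect_lparen(const char *rest) { return rest[0] == '(' ? 0 : -1; }

/* init_first = 0: the order quoted as buggy; 1: the count is set first.
   *failed reports whether the '(' check bailed out. */
macro_t *parse_macro(const char *name, const char *rest, int init_first, int *failed) {
    macro_t *m = alloc_macro();
    *failed = 0;
    if (!m) { *failed = 1; return NULL; }
    if (init_first) m->num_of_pars = 0;
    m->filename = NULL;
    m->name = dup_str(name);
    if (expect_lparen(rest) != 0) { *failed = 1; return m; }  /* error path */
    m->num_of_pars = 0;
    return m;
}

/* Cleanup walks num_of_pars entries. Returns the entries freed, or -1 when
   the count is garbage (an unguarded loop would free wild pointers here). */
int destroy_macro(macro_t *m) {
    int n = m->num_of_pars, ok = (n >= 0 && n <= MAX_PARS);
    for (int i = 0; ok && i < n; i++) free(m->par_names[i]);
    free(m->name);
    free(m);
    return ok ? n : -1;
}
```

With the buggy order, a macro that fails the `(` check reaches cleanup with the poisoned count; with the count set first, the same failing input is cleaned up with zero parameters.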
Thanks for the patch - unfortunately powertools has been discontinued, so there's no next release to fix this in.