<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 12, 2021 at 3:33 PM Richard Copley &lt;<a href="mailto:rcopley@gmail.com">rcopley@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 64-bit Windows systems, when MetaPost calls mpx_cleandir to delete<br>
temporary auxiliary files (e.g., from running TeX to format a label),<br>
it segfaults in RtlEnterCriticalSection.<br>
<br>
This affected, for example, the 64-bit binaries built by the MSYS2<br>
project. (See &lt;<a href="https://github.com/msys2/MINGW-packages/pull/9350" rel="noreferrer" target="_blank">https://github.com/msys2/MINGW-packages/pull/9350</a>&gt;.)<br>
It doesn't affect the 32-bit binaries shipped by the TeX Live<br>
project.<br>
<br>
See mpx_cleandir in "mpxout.w". hFile is declared as long. The handle<br>
returned by _findfirst is stored there and truncated. Then it is<br>
sign-extended and passed to _findnext. There is a segfault when it is<br>
first dereferenced, which happens in RtlEnterCriticalSection.<br>
<br>
This can be fixed by changing "long" to "intptr_t" in mpx_cleandir.<br>
<br>
An example MetaPost program that leads to the crash:<br>
<br>
beginfig(0); label(btex $x$ etex, (0,0)); endfig; end;<br>
<br>
To reliably reproduce the crash, place the program in a file in an<br>
otherwise empty directory and run mpost.exe in that directory.<br>
<br>
Warm regards,<br>
Richard.<br>
--<br>
<a href="http://tug.org/metapost/" rel="noreferrer" target="_blank">http://tug.org/metapost/</a><br>
</blockquote></div><br clear="all"><div>Thank you, patch applied.</div><div>Committed revision 2173 on metapost repo.<br></div>-- <br><div dir="ltr" class="gmail_signature">luigi<br></div></div>
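<div>The truncation and sign extension described in the report above, as an added example that is not part of the original thread or the MetaPost source. It assumes a model of a 64-bit Windows (LLP64) process built from fixed-width types so it runs on any host; the names via_long, via_intptr and corrupted_by_long and the sample handle values are constructed for illustration.</div>

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: model a 64-bit Windows (LLP64) process, where 'long' is 32 bits
   and intptr_t is 64 bits, using fixed-width types so this runs on any host. */
typedef int64_t model_intptr;

/* Buggy pattern: handle kept in a 32-bit 'long', then widened for the next call. */
static model_intptr via_long(model_intptr handle)
{
    uint32_t low = (uint32_t)(uint64_t)handle;   /* upper 32 bits are lost */
    /* Widening a negative 32-bit long sign-extends it. */
    return (low & 0x80000000u) ? (model_intptr)low - INT64_C(0x100000000)
                               : (model_intptr)low;
}

/* Fixed pattern: handle kept in intptr_t, so nothing is lost. */
static model_intptr via_intptr(model_intptr handle)
{
    model_intptr hFile = handle;
    return hFile;
}

/* Returns 1 if the 32-bit round trip hands back a different value. */
static int corrupted_by_long(model_intptr handle)
{
    return via_long(handle) != handle;
}

int main(void)
{
    /* Constructed sample handle values, not taken from a real run. */
    const model_intptr samples[] = {
        INT64_C(0x0000000000A41000),   /* fits in 31 bits: survives */
        INT64_C(0x0000000080001000),   /* bit 31 set: sign-extended */
        INT64_C(0x000001F4A3B2C1D0),   /* uses the upper 32 bits: truncated */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("handle %016" PRIX64 "  via long %016" PRIX64
               "  via intptr_t %016" PRIX64 "  %s\n",
               (uint64_t)samples[i], (uint64_t)via_long(samples[i]),
               (uint64_t)via_intptr(samples[i]),
               corrupted_by_long(samples[i]) ? "CORRUPTED" : "ok");
    }
    return 0;
}
```

<div>Handles that fit in 31 bits survive the round trip, so the defect shows up only when the returned value needs the upper bits.</div>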