[tex-k] patch to fix dvips crashes on macos with clang

Tomas Rokicki rokicki at gmail.com
Mon Aug 7 05:34:49 CEST 2017


This change looks good.  I wonder if there are any other such places in the
code; I remember using that trick a few places.

On Sun, Aug 6, 2017 at 4:40 PM, Darrin B. Jewell <dbj at mit.edu> wrote:

>
> I compiled dvips on a macos system running a recent clang:
>
> $ sw_vers
> ProductName:    Mac OS X
> ProductVersion: 10.12.5
> BuildVersion:   16F2073
>
> $ uname -a
> Darwin Quiteria.local 16.6.0 Darwin Kernel Version 16.6.0: Fri Apr 14
> 16:13:31 PDT 2017; root:xnu-3789.60.24~4/RELEASE_X86_64 x86_64
>
> $ clang --version
> Apple LLVM version 8.1.0 (clang-802.0.42)
> Target: x86_64-apple-darwin16.6.0
> Thread model: posix
>
> $ xcodebuild -version
> Xcode 8.3.3
> Build version 8E3004b
>
> Unfortunately, dvips crashes with an abort in strcpy (__strcpy_chk)
> because the clang compiler and libraries are adding extra buffer overflow
> checks in the implementation of strcpy when copying into the colordat
> field of struct colorpage.  Since the code treats this as a variable
> length field by mallocing extra room in the struct, the easy fix is
> to use the c99 syntax for specifying variable length fields in
> the end of structs.
>
> The patch below fixes the problem.
>
> Thanks,
> Darrin
>
> *** texlive-20170524-source.dist/texk/dvipsk/color.c    2016-11-25
> 10:08:46.000000000 -0800
> --- texlive-20170524-source/texk/dvipsk/color.c 2017-08-06
> 16:31:59.000000000 -0700
> ***************
> *** 37,43 ****
>      struct colorpage *next;
>      integer boploc; /* we use the bop loc as a page indicator */
>      char *bg;
> !    char colordat[2];
>   } *colorhash[COLORHASH];
>   static char *cstack, *csp, *cend, *bg;
>   /*
> --- 37,43 ----
>      struct colorpage *next;
>      integer boploc; /* we use the bop loc as a page indicator */
>      char *bg;
> !    char colordat[];
>   } *colorhash[COLORHASH];
>   static char *cstack, *csp, *cend, *bg;
>   /*
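Review bot: at `char colordat[];`, add a comment saying this is a C99 flexible array member and that every allocation must add room for the string and its terminator itself. `sizeof(struct colorpage)` no longer counts any bytes for the array, and with tail padding it can shrink by more than the 2 the old declaration named. Any other place that sizes a `struct colorpage` with `sizeof` needs the same audit as the allocation changed in the second hunk, and the change description should state that the file now requires a C99 compiler.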
> ***************
> *** 216,222 ****
>         }
>      } else {
>         p = (struct colorpage *)mymalloc((integer)
> !                   (strlen(cstack) + sizeof(struct colorpage) +
> MAXCOLORLEN));
>         p->next = colorhash[h];
>         p->boploc = pageloc;
>         strcpy(p->colordat, cstack);
> --- 216,222 ----
>         }
>      } else {
>         p = (struct colorpage *)mymalloc((integer)
> !                   (strlen(cstack) + sizeof(struct colorpage) +
> MAXCOLORLEN + 2));
>         p->next = colorhash[h];
>         p->boploc = pageloc;
>         strcpy(p->colordat, cstack);
>
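Review bot: the `+ 2` added to the `mymalloc` size is a magic number that only mirrors the old `colordat[2]` bound. Size the block as `offsetof(struct colorpage, colordat) + strlen(cstack) + 1 + MAXCOLORLEN` instead, or at least comment what the 2 stands for. With the flexible array, the `strcpy(p->colordat, cstack)` two lines later is bounded only by this expression, so it should account for the terminator explicitly rather than relying on slack.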



-- 
--  http://cube20.org/  --  http://golly.sf.net/  --
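The allocation pattern discussed in this thread, as an added example (not dvips code and not part of either message): a fixed-bound trailing array beside a C99 flexible array member, with the allocation sized from `offsetof`. The names `legacy_page`, `flex_page`, `flex_page_new` and `EXTRA_ROOM` are hypothetical, and `long` stands in for dvips's `integer` type.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EXTRA_ROOM 16  /* assumed slack for later in-place edits */

/* Old idiom: declared bound is 2, so a fortified strcpy() can treat the
   destination as 2 bytes however much was malloc'ed behind it. */
struct legacy_page { struct legacy_page *next; long boploc; char colordat[2]; };

/* C99 flexible array member: no declared bound, adds nothing to sizeof. */
struct flex_page { struct flex_page *next; long boploc; char colordat[]; };

/* Bytes to allocate for `len` characters plus NUL and slack. offsetof()
   gives the exact start of the array, independent of tail padding. */
size_t flex_page_size(size_t len)
{
    return offsetof(struct flex_page, colordat) + len + 1 + EXTRA_ROOM;
}

/* Allocate a page holding a copy of `colors`; NULL on allocation failure. */
struct flex_page *flex_page_new(const char *colors, long boploc)
{
    size_t len = strlen(colors);
    struct flex_page *p = malloc(flex_page_size(len));
    if (p == NULL)
        return NULL;
    p->next = NULL;
    p->boploc = boploc;
    memcpy(p->colordat, colors, len + 1);  /* copy includes the NUL */
    return p;
}

/* Array bytes that sizeof() accounts for in the old layout (2 plus padding). */
size_t legacy_declared_room(void)
{
    return sizeof(struct legacy_page) - offsetof(struct legacy_page, colordat);
}

int main(void)
{
    struct flex_page *p = flex_page_new("rgb 0 0 1", 42);  /* constructed input */
    if (p == NULL)
        return 1;
    printf("%s (%zu)\n", p->colordat, legacy_declared_room());
    free(p);
    return 0;
}
```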