Possible SEGV (null pointer dereference) in tounicode.c

Karl Berry karl at freefriends.org
Tue Aug 29 00:32:37 CEST 2023


            undumpcharptr(gu->name);
            ...
            result = avl_probe(glyph_unicode_tree, gu);

    Under some conditions it appears that the undumpcharptr() macro can
    "fail", in which case gu->name will be set to NULL.

Thanks. I installed the patch below (r68100), also checking that the
next undumpcharptr, of gu->unicode_seq, is also non-NULL.

    I can only reproduce this with pdflatex and the attached (corrupt)
    pdflatex.fmt file, but the code appears to be part of the pdftex core.

I couldn't confirm with your pdflatex.fmt since "pdflatex.fmt made by
different executable version", but the problem seems clear enough, and
the fix (hopefully) harmless.

By the way, how did you find these things?? --thanks, karl.

--- tounicode.c	(revision 68095)
+++ tounicode.c	(working copy)
@@ -535,10 +535,17 @@ void undumptounicode(void)
         void **result;
         glyph_unicode_entry *gu = new_glyph_unicode_entry();
         undumpcharptr(gu->name);
+        if (gu->name == NULL) {
+            pdftex_fail("undumpcharptr(gu->name) got NULL");
+        }
         generic_undump(gu->code);
 
-        if (gu->code == UNI_STRING)
+        if (gu->code == UNI_STRING) {
             undumpcharptr(gu->unicode_seq);
+            if (gu->unicode_seq == NULL) {
+                pdftex_fail("undumpcharptr(gu->unicode_seq) got NULL");
+            }
+        }
 
         result = avl_probe(glyph_unicode_tree, gu);
         assert(*result == gu);
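Review bot: the two new NULL checks keep a bad name or unicode_seq from reaching avl_probe, but the `assert(*result == gu);` right after it remains the only guard on the probe result, and it disappears in an NDEBUG build, so a corrupt format that produces a duplicate entry would still pass silently there; since a corrupt .fmt is exactly what drives this path, consider reporting that case with pdftex_fail as well, in the same style as the two messages added above, so all three failures surface the same way.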


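The pattern the patch introduces, shown as an added stand-alone example (not pdftex's code): a constructed, hypothetical dump layout for one glyph entry, an undump routine that yields NULL on a truncated dump, and a caller that checks each pointer right after undumping it instead of letting NULL reach the tree comparison. The layout, `glyph_entry`, `fmt_reader` and `check_dump` are all assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of one dumped entry (NOT pdftex's real format):
 * [len][name bytes][code byte][len][seq bytes, only if code == UNI_STRING] */
#define UNI_STRING 1

typedef struct { char *name; int code; char *unicode_seq; } glyph_entry;
typedef struct { const unsigned char *p; size_t left; } fmt_reader;

/* Stand-in for undumpcharptr(): returns NULL when the dump is truncated. */
static char *undump_charptr(fmt_reader *r) {
    if (r->left < 1) return NULL;
    size_t n = r->p[0];
    if (r->left - 1 < n) return NULL;      /* string runs past end of dump */
    char *s = malloc(n + 1);
    if (s == NULL) return NULL;
    memcpy(s, r->p + 1, n);
    s[n] = '\0';
    r->p += 1 + n;
    r->left -= 1 + n;
    return s;
}

/* Reads one entry; returns 1 on success, 0 when the dump is corrupt.
 * Each pointer is checked immediately after it is undumped, as in the
 * patch, so a NULL never reaches a later strcmp() in the tree compare. */
int undump_entry(fmt_reader *r, glyph_entry *gu) {
    gu->name = undump_charptr(r);
    if (gu->name == NULL) return 0;
    if (r->left < 1) { free(gu->name); return 0; }
    gu->code = r->p[0]; r->p++; r->left--;
    gu->unicode_seq = NULL;
    if (gu->code == UNI_STRING) {
        gu->unicode_seq = undump_charptr(r);
        if (gu->unicode_seq == NULL) { free(gu->name); return 0; }
    }
    return 1;
}

/* Wrapper over a whole buffer: 1 = entry read cleanly, 0 = corrupt dump. */
int check_dump(const unsigned char *dump, size_t len) {
    fmt_reader r = { dump, len };
    glyph_entry gu;
    int ok = undump_entry(&r, &gu);
    if (ok) { free(gu.name); free(gu.unicode_seq); }
    return ok;
}
```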