[PATCH] Fix segmentation fault in dvipdfmx's pdfparse.c when handling object streams

David Carlisle d.p.carlisle at gmail.com
Fri Apr 4 11:12:43 CEST 2025


If anyone is looking at pdfobj.c, there is this assertion failure reported
(with no reproducible example)

https://tex.stackexchange.com/a/739668/1090

David


On Fri, 4 Apr 2025 at 04:25, Shuqiao Zhang <stevenjoezhang at gmail.com> wrote:

> Hi Karl,
>
> Thank you for the response, and apologies — this was my first time
> reaching out via mailing list, and I’ll make sure to use the correct
> mailing list in the future.
>
> The issue I encountered happened when using `\includegraphics` in TeX to
> import another PDF file. I’ve attached the related `.xdv` file and the PDF
> being included. (Note that the `.xdv` file may contain references to fonts
> included in the TeX Live 2025 environment, so it might require a full
> installation to reproduce the issue.)
>
> The segmentation fault occurs during the following command executed by
> latexmk:
>
>     xdvipdfmx -q -E -o "build/main.pdf" "build/main.xdv"
>
> Here is the version information:
>
>     $ latexmk --version
>     Latexmk, John Collins, 27 Dec. 2024. Version 4.86a
>     $ xdvipdfmx --version
>     This is xdvipdfmx Version 20250205 by the DVIPDFMx project team,
>     modified for TeX Live,
>     an extended version of DVIPDFMx, which in turn was
>     an extended version of dvipdfm-0.13.2c developed by Mark A. Wicks.
>
>     Copyright (C) 2002-2025 the DVIPDFMx project team
>     Copyright (C) 2006-2025 SIL International.
>
>     This is free software; you can redistribute it and/or modify
>     it under the terms of the GNU General Public License as published by
>     the Free Software Foundation; either version 2 of the License, or
>     (at your option) any later version.
>     $ uname -a
>     Linux epyc 6.8.0-56-generic #58-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 14 15:33:28 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
>     $ lsb_release -a
>     No LSB modules are available.
>     Distributor ID: Ubuntu
>     Description:    Ubuntu 24.04.2 LTS
>     Release:        24.04
>     Codename:       noble
>
> I hope this helps in reproducing the issue. For the functions related to
> the bug I discovered during debugging, please refer to the previous email.
>
> Additionally, it seems that this problem is also influenced by heap memory
> layout, which means there's a chance that xdvipdfmx doesn't crash if the
> out-of-bounds pointer happens to fall on a valid memory page. I repeatedly
> ran the command 10 times (on Ubuntu 24.04), and in 8 of them, xdvipdfmx
> crashed. I also ran tests on other systems, using freshly installed TeX Live
> 2025: the crash also happens on macOS with Intel x86-64 architecture (macOS
> 13.6.6 22G630), but on macOS with Apple Silicon (macOS 15.3.2 24D81),
> xdvipdfmx works fine.
>
> Best regards,
>
> Shuqiao Zhang
>
> On Fri, 4 Apr 2025 at 05:12, Karl Berry <karl at freefriends.org> wrote:
>
>> Hi Shuqiao - thanks much for the report and patch. Please, please,
>> provide the .xdv file that causes the crash. Otherwise we cannot verify
>> it or make a test case.
>>
>> Also, for the future, (x)dvipdfm(x) reports are best sent to
>> dvipdfmx at tug.org, not the general tex-live list. There's no need to
>> resend this one, though.
>>
>> Thanks,
>> Karl
>>
>