dvipdfmx does not work on 9.04 (it is killed by GCC Stack Smashing Protector)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
dvipdfmx (Debian) | Fix Released | Unknown | |
dvipdfmx (Ubuntu) | Fix Released | Undecided | Unassigned |
Jaunty | Fix Released | High | Unassigned |
Karmic | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: dvipdfmx
The original information is here (note: it is written in Japanese).
https:/
[Description]
dvipdfmx does not work anymore. When dvipdfmx is executed, it is killed by gcc-SSP.
-------
[1*** stack smashing detected ***: dvipdfmx terminated
======= Backtrace: =========
/lib/tls/
/lib/tls/
dvipdfmx[0x805cdc5]
(snip)
-------
It is caused by a mistake in array handling; this is not a security vuln.
This is a coding bug.
-------
in dvipdfmx-
-------
#define INPUT_BUF_SIZE 4096
#define CMAP_SIG_MAX 64
int
CMap_parse_
{
  int result = -1;
  char sig[CMAP_
  if (!fp)
    return -1;
  rewind(fp);
  if (fread(sig, sizeof(char), CMAP_SIG_MAX, fp) != CMAP_SIG_MAX)
    result = -1;
  else {
    sig[
    if (strncmp(sig, "%!PS", 4))
      result = -1;
    else if (strstr(sig+4, "Resource-CMap"))
      result = 0;
  }
  rewind(fp);
  return result;
}
-------
[How to Fix]
Apply patch.
[Notes]
9.04 -> Process killed by GCC Stack Smashing Protector
8.10, 8.04 -> Process still lives, but a 1-byte misaligned overwrite is caused...
[Appendix]
This bug is still there in the latest upstream (
http://
I'll contact the original author(s).
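An added illustration, not part of the original report and not the patch attached to this bug: one way to write the same kind of signature check so that the terminator always lands inside the buffer. The names check_cmap_sig and check_text and the CMAP_SIG_MAX + 1 buffer size are assumptions, and the sample header is constructed.

```c
#include <stdio.h>
#include <string.h>

#define CMAP_SIG_MAX 64

/* Hypothetical name; mirrors the shape of the routine quoted in the report. */
int check_cmap_sig(FILE *fp)
{
    /* Assumed sizing: one extra byte so the terminator stays in bounds. */
    char sig[CMAP_SIG_MAX + 1];
    size_t n;
    int result = -1;

    if (!fp)
        return -1;
    rewind(fp);
    n = fread(sig, sizeof(char), CMAP_SIG_MAX, fp);
    if (n == CMAP_SIG_MAX) {
        sig[n] = '\0'; /* n == CMAP_SIG_MAX is the last valid index of sig */
        if (strncmp(sig, "%!PS", 4) == 0 && strstr(sig + 4, "Resource-CMap"))
            result = 0;
    }
    rewind(fp);
    return result;
}

/* Hypothetical helper: write constructed text to a temp file and check it. */
int check_text(const char *s)
{
    FILE *fp = tmpfile();
    int r;

    if (!fp)
        return -2;
    fwrite(s, 1, strlen(s), fp);
    r = check_cmap_sig(fp);
    fclose(fp);
    return r;
}

int main(void)
{
    /* Constructed sample header, longer than CMAP_SIG_MAX bytes. */
    printf("valid header: %d\n", check_text("%!PS-Adobe-3.0 Resource-CMap\n"
           "%%DocumentNeededResources: ProcSet (CIDInit)\n"));
    printf("short file:   %d\n", check_text("%!PS"));
    return 0;
}
```

Because the buffer is terminated at byte 64, strstr cannot scan past the data that was read, so a "Resource-CMap" string that only appears later in the file is not matched.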
Changed in dvipdfmx (Debian):
status: Unknown → New
Changed in dvipdfmx (Debian):
status: New → Fix Released
tags: added: verification-done removed: verification-needed
Here is the patch.