[Dev-luatex] Multiple problems with tprint

Marcel Krüger tex at 2krueger.de
Thu Mar 28 15:51:57 CET 2019


Hi,

there are multiple issues memory issues in tprint:

If the buffer passed to tprint only contains of to be escaped characters, the `xmalloc(strlen(sss)*3)` is too small: The final `\0` can not be written, so this causes a write into unallocated memory.
If t_flush_buffer is called for such a buffer at the last position, there is an additional `\n` written, so `xmalloc(strlen(sss)*3+2)` is needed.

Additionally, the test `if (*buffer)` is used to test if there is something to print left. If the parameter is empty, `*buffer` is never written, so valgrind complains about `if (*buffer)` depending on uninitialized memory. Instead, `if (i)` can be used: `i` is the length of the written part of the buffer, so `i==0` iff there is nothing to write.

A related problem is with `max_print_line`:
If the point where the line should be broken falls inside the escape sequence of an escaped character,
the line limit is ignored.
This can be fixed by adding

        if (term_offset+2>=max_print_line) {
            wterm_cr();
            term_offset=0;
        }

as in `wterm_char` also in tprint above `buffer[i++] = '^';`.

A full patch fixing all three issues is attached.


Best regards
Marcel Krüger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: memorydiff.patch
Type: application/octet-stream
Size: 2077 bytes
Desc: not available
URL: <http://mailman.ntg.nl/pipermail/dev-luatex/attachments/20190328/d86d2de2/attachment.obj>


More information about the dev-luatex mailing list