Bug#972692: marked as done (dvipng: Security - Floating point exception)

Debian Bug Tracking System Mon, 03 Mar 2025 02:54:20 -0800

Your message dated Mon, 03 Mar 2025 10:50:08 +0000
with message-id <[email protected]>
and subject line Bug#972692: fixed in dvipng 1.18-1
has caused the Debian Bug report #972692,
regarding dvipng: Security - Floating point exception
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
972692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972692
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: dvipng
Version: 1.15-1.1
Severity: normal
Tags: security

Dear Maintainer,

dvipng crashes when converting the following file (crash.dvi). Crash
exists on versions 1.15-1.1/1.14-2. The crash was also reproduced in
1.15-1.1-b1 (from
https://software.pureos.net/package/bin/landing/dvipng).

Trace from crash (Debian Buster package with patches compiled with Address
Sanitizer - result is similar on Stretch):

$ ./dvipng-1.15/dvipng crash.dvi
This is ./dvipng-1.15/dvipng 1.15 Copyright 2002-2015 Jan-Ake Larsson
AddressSanitizer:DEADLYSIGNAL
=================================================================
==10180==ERROR: AddressSanitizer: FPE on unknown address 0x562b426b8eb2
(pc 0x562b426b8eb2 bp 0x7ffc43f99510 sp 0x7ffc43f994f0 T0)
    #0 0x562b426b8eb1 in DrawPage
(/home/ace/dvipng/dvipng-1.15/dvipng+0x2deb1) #1 0x562b426b98bf in
DrawPages (/home/ace/dvipng/dvipng-1.15/dvipng+0x2e8bf)
    #2 0x562b4269e8dd in main
(/home/ace/dvipng/dvipng-1.15/dvipng+0x138dd) #3 0x7f094a05009a in
__libc_start_main (/lib/x86_64-linux- gnu/libc.so.6+0x2409a)
    #4 0x562b4269e689 in _start
(/home/ace/dvipng/dvipng-1.15/dvipng+0x13689)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE
(/home/ace/dvipng/dvipng-1.15/dvipng+0x2deb1) in DrawPage
==10180==ABORTING

Trace from crash (gdb with peda plugin):

gdb-peda$ r ./crash.dvi
Starting program: /usr/bin/dvipng ./crash.dvi
[Thread debugging using libthread_db enabled]
Using host libthread_db library
"/lib/x86_64-linux-gnu/libthread_db.so.1". This is /usr/bin/dvipng 1.15
Copyright 2002-2015 Jan-Ake Larsson

Program received signal SIGFPE, Arithmetic exception.

[----------------------------------registers-----------------------------------]
RAX: 0x0
RBX: 0x5555555bc200 --> 0x0
RCX: 0x0
RDX: 0x0
RSI: 0x0
RDI: 0x555555575c50 --> 0x0
RBP: 0xa ('\n')
RSP: 0x7fffffffe090 --> 0x0
RIP: 0x55555555c3a7 (idiv   r9d)
R8 : 0x555555574220 --> 0x0
R9 : 0x0
R10: 0x0
R11: 0x1
R12: 0x555555558830 (xor    ebp,ebp)
R13: 0x5555555bc228 --> 0x0
R14: 0x0
R15: 0x0
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction
overflow)
[-------------------------------------code-------------------------------------]
   0x55555555c3a2:      sub    edx,eax
   0x55555555c3a4:      mov    eax,edx
   0x55555555c3a6:      cdq
=> 0x55555555c3a7:      idiv   r9d
   0x55555555c3aa:      neg    eax
   0x55555555c3ac:      mov    DWORD PTR [r8+0x18],eax
   0x55555555c3b0:      test   esi,esi
   0x55555555c3b2:      jg     0x55555555c30e
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffe090 --> 0x0
0008| 0x7fffffffe098 --> 0x5555555bc200 --> 0x0
0016| 0x7fffffffe0a0 --> 0xa ('\n')
0024| 0x7fffffffe0a8 --> 0x55555555c604 (mov    rdi,rbx)
0032| 0x7fffffffe0b0 --> 0x2
0040| 0x7fffffffe0b8 --> 0xa ('\n')
0048| 0x7fffffffe0c0 --> 0x7fffffffe300 --> 0x2
0056| 0x7fffffffe0c8 --> 0x0
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGFPE
0x000055555555c3a7 in ?? ()

Kind regards,

Antoine


-- System Information:
Debian Release: 10.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-12-amd64 (SMP w/1 CPU core)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dvipng depends on:
ii  ghostscript                          9.27~dfsg-2+deb10u4
ii  libc6                                2.28-10
ii  libfreetype6                         2.9.1-3+deb10u1
ii  libgd3                               2.2.5-5.2
ii  libkpathsea6                         2018.20181218.49446-1
ii  libpng16-16                          1.6.36-6
ii  texlive-binaries [texlive-base-bin]  2018.20181218.49446-1
ii  zlib1g                               1:1.2.11.dfsg-1

dvipng recommends no packages.

dvipng suggests no packages.

-- no debconf information

crash.dvi
Description: crash.dvi

--- End Message ---

--- Begin Message ---

Source: dvipng
Source-Version: 1.18-1
Done: Hilmar Preuße <[email protected]>

We believe that the bug you reported is fixed in the latest version of
dvipng, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hilmar Preuße <[email protected]> (supplier of updated dvipng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 21 Feb 2025 09:52:23 +0100
Source: dvipng
Architecture: source
Version: 1.18-1
Distribution: unstable
Urgency: medium
Maintainer: Debian TeX maintainers <[email protected]>
Changed-By: Hilmar Preuße <[email protected]>
Closes: 972692 1028237 1030069 1044766
Changes:
 dvipng (1.18-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Andreas Tille ]
   * Maintain package in TeX team
   * New Homepage
   * d/copyright: DEP5 + review
   * Switch from cdbs to dh
   * Standards-Version: 4.7.0 (routine-update)
   * debhelper-compat 13 (routine-update)
   * Build-Depends: s/libfreetype6-dev/libfreetype-dev/
   * Depends: s/texlive-base-bin/texlive-base/
     Closes: #1030069
   * Propagate hardening options
   * Fix clean target
     Closes: #1044766
   * Add d/gbp.conf file
 .
   [ Hilmar Preuße ]
   * New upstream version (Closes: #1028237)
     - Fix division by zero error if DVI magnification too large
       (Closes: #972692)
   * Fix watch file, add tar ball signature check
   * Replace Dep s/texlive-binaries/texlive-base/
   * Add d/gbp.conf file
Checksums-Sha1:
 cadf681adbc74df9b673d797e741587b12de1580 2220 dvipng_1.18-1.dsc
 6194f91d320981d7d5e141c0e660ce8f95405623 203401 dvipng_1.18.orig.tar.gz
 2185514234e01db9f04eb31ba08bea78f7a12396 866 dvipng_1.18.orig.tar.gz.asc
 b5c9de7754f0270174d9f3a80a1f5a1f5ee040d9 9092 dvipng_1.18-1.debian.tar.xz
 b09f4ba01a14f3123e07aa8b11ad281ad248af60 11469 dvipng_1.18-1_amd64.buildinfo
Checksums-Sha256:
 72fceef0cddc23019cf7b63356103d4c063678d6cbb35a12333436b5a4a0488b 2220 
dvipng_1.18-1.dsc
 20ca6462f9841f0171f868dcb923560e8e9d37c038619e22b0ef69d77d66e97d 203401 
dvipng_1.18.orig.tar.gz
 252467edc74c04efc749c5aca17162f2d8a7c6f17dcf03ba6a1169247c6d5ea6 866 
dvipng_1.18.orig.tar.gz.asc
 1531f9c2e012f95d46b01dbda1627edcb53264e8b6b5ed31a710e22a649f3b53 9092 
dvipng_1.18-1.debian.tar.xz
 db2ead4ab9e245ffc670720369e85490119cf07b296b224ae4f6e9f666a9dd42 11469 
dvipng_1.18-1_amd64.buildinfo
Files:
 1a2d346e84835da56d570f823a7c13a8 2220 utils optional dvipng_1.18-1.dsc
 cf923389ef39b7ab318fd16ccfa4e234 203401 utils optional dvipng_1.18.orig.tar.gz
 7665bf1d2ea8263ffbb2dd7db3498ee7 866 utils optional dvipng_1.18.orig.tar.gz.asc
 971b97eb3a2412f273d421f06ca5ade3 9092 utils optional 
dvipng_1.18-1.debian.tar.xz
 4f424f97f234cfa92a76923709f0b5af 11469 utils optional 
dvipng_1.18-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAme4THgRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtFvrg//astn4e9EVcuBJwtW2ur7omGqk/38UKGu
4rs1IC54RrLbJHXn7AnAwjxPwO11gg16sDbAhMaUIGNySo28BMmE1W6hrZYsCX9/
kH9l/M/yBDL4QjeIv8w7KIzAwgi/0EuKOazhqRfubnWWL6MZojeVEVedeFC4UO+D
ecK7moZDwdTx7p4IaYhfirhNkVhOh7Sd9BLiBNELUubUn6W96a8PfLQcT8UtSXwA
ZyZ15W5PFOD+IzOYTNCyGUIwvXMGtLey4ZaJifP5mOz3sBwqTOcuuwI/uMlQpJX/
BnKL6BlCaFIpM/SkHaUWQDD4ARoIRexuL5uIKEp/RVUaEZgeNn2YMnjYVoE7LaLJ
5vr60enUpqOWRvAiH4MNtTZWQ5OiX0+mdKHudsctaxDfsPHU6jCNtL6ykmgyWOif
v5QHu/RLSGWjknijkqnx0fS5t5bHKwCt2U9tNbgf/Va0MdRzsZ6z9us7Nktqbmva
VblMcwfeNOHN91FeopPgAbRqkQp875heuT9n3sO+XvuU+Z86cepJfduxs7h2rSbi
JNK7EfuzoyyDo+/w7/EAlT/cFs00j8hf7kbXMtFBombu5qt4l7Px8e0fsrPgYXOn
crwHtFr9InxiB/fWEjRTXk7kQUPySDWoQ/yXByEaFEkd2Z4cT7fbXe77gucOt9Ju
OWROORR37Q8=
=+1Ca
-----END PGP SIGNATURE-----

pgpItA6gJ3c_z.pgp
Description: PGP signature

--- End Message ---

Bug#972692: marked as done (dvipng: Security - Floating point exception)

Reply via email to