On Thu, Mar 28, 2019 at 10:55 PM Marcel Krüger <t...@2krueger.de> wrote:
> ---- On Thu, 28 Mar 2019 18:53:41 +0100 Hans Hagen <j.ha...@xs4all.nl> > wrote ---- > > On 3/28/2019 3:57 PM, Marcel Krüger wrote: > > > Hi, > > > > > > there are multiple issues memory issues in tprint: > > > > > > If the buffer passed to tprint only contains of to be escaped > characters, the `xmalloc(strlen(sss)*3)` is too small: The final `\0` can > not be written, so this causes a write into unallocated memory. > > > If t_flush_buffer is called for such a buffer at the last position, > there is an additional `\n` written, so `xmalloc(strlen(sss)*3+2)` is > needed. > > > > > > Additionally, the test `if (*buffer)` is used to test if there is > something to print left. If the parameter is empty, `*buffer` is never > written, so valgrind complains about `if (*buffer)` depending on > uninitialized memory. Instead, `if (i)` can be used: `i` is the length of > the written part of the buffer, so `i==0` iff there is nothing to write. > > > > > > A related problem is with `max_print_line`: > > > If the point where the line should be broken falls inside the escape > sequence of an escaped character, > > > the line limit is ignored. > > > This can be fixed by adding > > > > > > if (term_offset+2>=max_print_line) { > > > wterm_cr(); > > > term_offset=0; > > > } > > > > > > as in `wterm_char` also in tprint above `buffer[i++] = '^';`. > > > > > > A full patch fixing all three issues is attached. > > Can you give a plain tex example where the fault happens? Normally the > > max line length kicks in (3 chars) before such an overflow. > > Try > > \let\3\relax > \directlua{ > texio.write'\3'% Only to be escaped characters -> valgrind complains > about write into unallocated memory > > texio.write_nl'' > > for i=1,kpse.var_value'max_print_line'-3 do texio.write'.' end > texio.write'\3' % Here LuaTex writes 2 and not just 1 byte after it's > allocated memory area > > for i=1,kpse.var_value'max_print_line'-1 do texio.write'.' end > texio.write'\3' % The line break would fall inside of the escape > sequence -> Line limit ignored > for i=1,2*kpse.var_value'max_print_line' do texio.write'.' end % This > should normally not fit into one line > } > \bye > > > Ok, thank you very much for the example. -- luigi
_______________________________________________ dev-luatex mailing list dev-luatex@ntg.nl https://mailman.ntg.nl/mailman/listinfo/dev-luatex