On Thu, Mar 28, 2019 at 10:55 PM Marcel Krüger <t...@2krueger.de> wrote:

>  ---- On Thu, 28 Mar 2019 18:53:41 +0100 Hans Hagen <j.ha...@xs4all.nl>
> wrote ----
>  > On 3/28/2019 3:57 PM, Marcel Krüger wrote:
>  > > Hi,
>  > >
>  > > there are multiple issues memory issues in tprint:
>  > >
>  > > If the buffer passed to tprint only contains of to be escaped
> characters, the `xmalloc(strlen(sss)*3)` is too small: The final `\0` can
> not be written, so this causes a write into unallocated memory.
>  > > If t_flush_buffer is called for such a buffer at the last position,
> there is an additional `\n` written, so `xmalloc(strlen(sss)*3+2)` is
> needed.
>  > >
>  > > Additionally, the test `if (*buffer)` is used to test if there is
> something to print left. If the parameter is empty, `*buffer` is never
> written, so valgrind complains about `if (*buffer)` depending on
> uninitialized memory. Instead, `if (i)` can be used: `i` is the length of
> the written part of the buffer, so `i==0` iff there is nothing to write.
>  > >
>  > > A related problem is with `max_print_line`:
>  > > If the point where the line should be broken falls inside the escape
> sequence of an escaped character,
>  > > the line limit is ignored.
>  > > This can be fixed by adding
>  > >
>  > >          if (term_offset+2>=max_print_line) {
>  > >              wterm_cr();
>  > >              term_offset=0;
>  > >          }
>  > >
>  > > as in `wterm_char` also in tprint above `buffer[i++] = '^';`.
>  > >
>  > > A full patch fixing all three issues is attached.
>  > Can you give a plain tex example where the fault happens? Normally the
>  > max line length kicks in (3 chars) before such an overflow.
>
> Try
>
> \let\3\relax
> \directlua{
>   texio.write'\3'% Only to be escaped characters -> valgrind complains
> about write into unallocated memory
>
>   texio.write_nl''
>
>   for i=1,kpse.var_value'max_print_line'-3 do texio.write'.' end
>   texio.write'\3' % Here LuaTex writes 2 and not just 1 byte after it's
> allocated memory area
>
>   for i=1,kpse.var_value'max_print_line'-1 do texio.write'.' end
>   texio.write'\3' % The line break would fall inside of the escape
> sequence -> Line limit ignored
>   for i=1,2*kpse.var_value'max_print_line' do texio.write'.' end % This
> should normally not fit into one line
> }
> \bye
>
>
>

Ok, thank you very much for the example.



-- 
luigi
_______________________________________________
dev-luatex mailing list
dev-luatex@ntg.nl
https://mailman.ntg.nl/mailman/listinfo/dev-luatex

Reply via email to