Bug#1029150: toilet -E troff: Segmentation fault

2023-02-02 Thread Bernhard Übelacker

#5  export_troff (bytes=0xd438, cv=0x56564ae0) at codec/export.c:1056



Dear Maintainer,
this crash happens because the array ansi2troff has
just 16 values, but gets accessed at value 32.
This value 32 originates from the constant CACA_TRANSPARENT.

With the below patch the crash could be avoided.

Kind regards,
Bernhard


https://sources.debian.org/src/libcaca/0.99.beta20-3/caca/codec/export.c/#L1056
1056 cur += sprintf(cur, "\\M[%s]", ansi2troff[bg]);



--- libcaca-0.99.beta20.orig/caca/codec/export.c
+++ libcaca-0.99.beta20/caca/codec/export.c
@@ -1052,7 +1052,7 @@ static void *export_troff(caca_canvas_t
 
 if(fg != prevfg || !started)

 cur += sprintf(cur, "\\m[%s]", ansi2troff[fg]);
-if(bg != prevbg || !started)
+if((bg != prevbg || !started) && bg != CACA_TRANSPARENT)
 cur += sprintf(cur, "\\M[%s]", ansi2troff[bg]);
 if(lineattr[x] & CACA_BOLD)
 cur += sprintf(cur, "\\fB");
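Review bot: the added bg != CACA_TRANSPARENT test excludes one value only, while ansi2troff[bg] and the unchanged ansi2troff[fg] lookup on the "\\m[%s]" line two lines above still index the table with no range check, so any other out-of-range colour value reaching either lookup would fault the same way. Consider comparing both indices against the table size before each sprintf, for example bg < sizeof(ansi2troff) / sizeof(*ansi2troff), and the same for fg. Also worth confirming: when the \M sequence is skipped for a transparent cell, no background change is written at all, so whatever background was emitted last stays in effect in the troff output.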




benutzer@debian:~$ toilet -E troff foo
.nf
\m[black]
   m""
 mm#mm   mmmmmm
   ##" "#  #" "#
   ##   #  #   #
   #"#m#"  "#m#"
 
 
benutzer@debian:~$
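The root cause described in this message (a 16-entry name table indexed with the value 32) can be closed off for every out-of-range index by bounds-checking the lookup itself. The following is an added example, not part of the original message and not libcaca code; the demo_* names, the table contents and the buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins: a 16-entry colour-name table like the one the
 * report describes, and the value 32 the report gives for the
 * transparent colour. All demo_* names are hypothetical. */
#define DEMO_TRANSPARENT 32u
static const char *const demo_names[16] = {
    "black", "blue", "green", "cyan", "red", "magenta", "yellow", "white",
    "black", "blue", "green", "cyan", "red", "magenta", "yellow", "white",
};
#define DEMO_COUNT (sizeof demo_names / sizeof demo_names[0])

/* Return the colour name, or NULL when idx is outside the table. */
static const char *demo_color_name(unsigned idx)
{
    return idx < DEMO_COUNT ? demo_names[idx] : NULL;
}

/* Append "\<esc>[name]" to buf at *off. Returns 1 if written, 0 if idx
 * has no table entry (nothing emitted), -1 if the text would not fit. */
static int demo_emit(char *buf, size_t cap, size_t *off, char esc, unsigned idx)
{
    const char *name = demo_color_name(idx);
    if (name == NULL)
        return 0;
    if (*off >= cap)
        return -1;
    int n = snprintf(buf + *off, cap - *off, "\\%c[%s]", esc, name);
    if (n < 0 || (size_t)n >= cap - *off) {
        buf[*off] = '\0';   /* undo the truncated write */
        return -1;
    }
    *off += (size_t)n;
    return 1;
}

int main(void)
{
    char out[64];
    size_t off = 0;
    demo_emit(out, sizeof out, &off, 'm', 0);
    int r = demo_emit(out, sizeof out, &off, 'M', DEMO_TRANSPARENT);
    printf("%s (transparent bg emitted: %d)\n", out, r);
    return 0;
}
```

Because the bound is derived from the table with sizeof, the check covers both the foreground and background lookups and keeps working if the table or the set of special colour values changes.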




Bug#1029150: toilet -E troff: Segmentation fault

2023-01-18 Thread Jakub Wilk

Package: toilet
Version: 0.3-1.4

"toilet -E troff" crashes:

   $ toilet -E troff foo
   Segmentation fault

Backtrace:

#0  __GI_strlen () at ../sysdeps/i386/i586/strlen.S:50
#1  0xf7c5f7a9 in __vfprintf_internal (s=0xd28c, format=0xf7f93ba0 "\\M[%s]", 
ap=, mode_flags=6) at ./stdio-common/vfprintf-process-arg.c:397
#2  0xf7c75821 in __vsprintf_internal (string=0x56565f4d "\\M[ ", maxlen=4294967295, 
format=0xf7f93ba0 "\\M[%s]", args=0xd390 "\001", mode_flags=6) at 
./libio/iovsprintf.c:96
#3  0xf7d31532 in ___sprintf_chk (s=0x56565f4d "\\M[ ", flag=1, slen=4294967295, 
format=0xf7f93ba0 "\\M[%s]") at ./debug/sprintf_chk.c:40
#4  0xf7ee9fdb in sprintf (__fmt=0xf7f93ba0 "\\M[%s]", __s=0x56565f4d "\\M[ ") 
at /usr/include/i386-linux-gnu/bits/stdio2.h:38
#5  export_troff (bytes=0xd438, cv=0x56564ae0) at codec/export.c:1056
#6  caca_export_canvas_to_memory (cv=0x56564ae0, format=0xd82a "troff", 
bytes=0xd438) at codec/export.c:136
#7  0x56556a5d in render_flush (cx=cx@entry=0xd4ec) at ./src/render.c:157
#8  0x56556d9b in render_list (cx=0xd4ec, argc=1, argv=0xd630) at 
./src/render.c:128
#9  0x5655686f in main (argc=4, argv=0xd624) at ./src/main.c:194


-- System Information:
Architecture: i386

Versions of packages toilet depends on:
ii  libc6 2.36-8
ii  libcaca0  0.99.beta20-3
ii  toilet-fonts  0.3-1.4

Versions of packages toilet suggests:
ii  figlet  2.2.5-3

--
Jakub Wilk