htmldoc crashes at ps-pdf.cxx::5188 #338

Closed
seanz2016 opened this Issue Oct 13, 2018 · 4 comments

seanz2016 commented Oct 13, 2018

DTS_MSG: Stensal C/C++ DTS detected a fatal program error!
DTS_MSG: Continuing the execution will cause unexpected behaviors, abort!
DTS_MSG: Reading 1 bytes at 0xfffdf9bb will read undefined values.
DTS_MSG: Diagnostic information:

    The object to-be-read (start:0xfffdf9bc, size:10240 bytes) is allocated at
    file:/home/sbuilder/workspace/htmldoc/htmldoc/ps-pdf.cxx::4640, 10
                              0xfffdf9bc               0xfffe21bb
                              +------------------------+
                        ......| the object  to-be-read |
                              +------------------------+
                           ^~~~~~~~~~
    the read starts at 0xfffdf9bb that is 1 bytes before the object start.
    Stack trace (most recent call first):
    -[1] file:/home/sbuilder/workspace/htmldoc/htmldoc/ps-pdf.cxx::5188, 17
    -[2] file:/home/sbuilder/workspace/htmldoc/htmldoc/ps-pdf.cxx::4465, 5
    -[3] file:/home/sbuilder/workspace/htmldoc/htmldoc/ps-pdf.cxx::4129, 11
    -[4] file:/home/sbuilder/workspace/htmldoc/htmldoc/ps-pdf.cxx::4181, 11
    -[5] file:/home/sbuilder/workspace/htmldoc/htmldoc/ps-pdf.cxx::4430, 13
    -[6] file:/home/sbuilder/workspace/htmldoc/htmldoc/ps-pdf.cxx::4430, 13
    -[7] file:/home/sbuilder/workspace/htmldoc/htmldoc/ps-pdf.cxx::4430, 13
    -[8] file:/home/sbuilder/workspace/htmldoc/htmldoc/ps-pdf.cxx::768, 3
    -[9] file:/home/sbuilder/workspace/htmldoc/htmldoc/htmldoc.cxx::1276, 3

Author

seanz2016 commented Oct 13, 2018

When running

    ../htmldoc/htmldoc --datadir .. --batch htmldoc.book -f htmldoc.pdf

or

    ../htmldoc/htmldoc --datadir .. --webpage 2-using.html -f t.pdf

near the HTML code

    Note: HTMLDOC currently does not support HTML 4.0 features such as stylesheets or the STYLE element.

htmldoc crashes at line 5188:

    if(lineptr[-1] == ' ')

because the "line" buffer is empty, lineptr = line, and lineptr is still pointing at the beginning of the "line" buffer.

lineptr[-1] accesses outside of the buffer "line", causing htmldoc to crash.
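
Added example, not part of the original thread and not HTMLDOC's code: the look-back check quoted above next to a guarded form, inside a small line builder that handles the empty-buffer case from the report. The function names, the fragment array and the sample input are assumptions made for illustration; only the 10240-byte buffer size and the `lineptr[-1] == ' '` check come from the issue.

```c
#include <stdio.h>
#include <string.h>

#define LINE_SIZE 10240 /* size of the "line" object in the DTS report */

/* Check as quoted in the issue: reads line[-1] when nothing was written. */
int ends_with_space_unchecked(const char *lineptr)
{
  return lineptr[-1] == ' ';
}

/* Guarded check: only look back if at least one byte precedes lineptr. */
int ends_with_space(const char *line, const char *lineptr)
{
  return lineptr > line && lineptr[-1] == ' ';
}

/* Hypothetical helper: append fragments to line, drop one trailing space,
 * NUL-terminate, and return the resulting length (size must be >= 1). */
size_t build_line(char *line, size_t size, const char *const *frags, size_t n)
{
  char *lineptr = line;
  char *end = line + size - 1; /* keep room for the terminator */

  for (size_t i = 0; i < n; i++)
  {
    size_t len = strlen(frags[i]);
    if (len > (size_t)(end - lineptr))
      len = (size_t)(end - lineptr); /* truncate instead of overflowing */
    memcpy(lineptr, frags[i], len);
    lineptr += len;
  }

  if (ends_with_space(line, lineptr)) /* safe even when n == 0 */
    lineptr--;
  *lineptr = '\0';
  return (size_t)(lineptr - line);
}

int main(void)
{
  char line[LINE_SIZE];
  const char *const frags[] = { "Note: ", "HTMLDOC " }; /* constructed input */

  printf("%zu\n", build_line(line, sizeof(line), frags, 2));
  printf("%zu\n", build_line(line, sizeof(line), NULL, 0));
  return 0;
}
```

The change actually made in commit a648b31 is not shown on this page; the guard here is one common way to close this class of one-byte under-read.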

Owner

michaelrsweet commented Oct 13, 2018

What version of HTMLDOC are you building?

Author

seanz2016 commented Oct 14, 2018

I git cloned the master branch on 9/15/2018.
It crashes at line 5188.

For today's (10-13-2018) master branch,
it crashes at line 5191 of ps-pdf.cxx.

DTS_MSG: Stensal C/C++ DTS detected a fatal program error!
DTS_MSG: Continuing the execution will cause unexpected behaviors, abort!
DTS_MSG: Reading 1 bytes at 0xff87e11b will read undefined values.
DTS_MSG: Diagnostic information:

- The object to-be-read (start:0xff87e11c, size:10240 bytes) is allocated at
-     file:/home/sbuilder/htmldoc/htmldoc/ps-pdf.cxx::4643, 10
-                               0xff87e11c               0xff88091b
-                               +------------------------+
-                         ......| the object  to-be-read |
-                               +------------------------+
-                            ^~~~~~~~~~
-   the read starts at 0xff87e11b that is 1 bytes before the object start.
- Stack trace (most recent call first):
-[1]  file:/home/sbuilder/htmldoc/htmldoc/ps-pdf.cxx::5191, 17
-[2]  file:/home/sbuilder/htmldoc/htmldoc/ps-pdf.cxx::4468, 5
-[3]  file:/home/sbuilder/htmldoc/htmldoc/ps-pdf.cxx::4132, 11
-[4]  file:/home/sbuilder/htmldoc/htmldoc/ps-pdf.cxx::4184, 11
-[5]  file:/home/sbuilder/htmldoc/htmldoc/ps-pdf.cxx::4433, 13
-[6]  file:/home/sbuilder/htmldoc/htmldoc/ps-pdf.cxx::4433, 13
-[7]  file:/home/sbuilder/htmldoc/htmldoc/ps-pdf.cxx::4433, 13
-[8]  file:/home/sbuilder/htmldoc/htmldoc/ps-pdf.cxx::771, 3
-[9]  file:/home/sbuilder/htmldoc/htmldoc/htmldoc.cxx::1276, 3
-[10]  file:/musl-1.1.10/src/env/__libc_start_main.c::180, 11
make[1]: *** [Makefile:110: htmldoc.pdf] Segmentation fault (core dumped)
make: *** [Makefile:31: all] Error 1

michaelrsweet added a commit that referenced this issue Oct 16, 2018

Owner

michaelrsweet commented Oct 16, 2018

[master a648b31] Fix buffer underflow (Issue #338)

michaelrsweet self-assigned this Oct 16, 2018

michaelrsweet added this to the Stable milestone Oct 16, 2018
