New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Array overflow in plain_Label.asy #2
Comments
Are you using version 9.16 (or later) of Ghostscript? If not, updating Ghostscript will probably solve the problem. |
We are defaulting to the last version of Ghostscript under GPL for the obviouos license complications the AGPL creates. As such, the default is 9.06 and updating is not considered a valid solution. |
To the best of my knowledge, only Asymptote versions <= 2.31 are compatible with Ghostscript 9.06. The current version of Asymptote actually tests for Ghostscript version >= 9.14, although the test does not seem to be reliable. |
Can you enlighten us as to the not-so-obvious license reasons why upgrading Ghostscript is "not consider a valid solution" and who decided that? As Charles suggests, you could always downgrade both Ghostscript and Asymptote, but then you will not have the latest bug fixes and features in either software. Adding the additional bounds check you suggest just ignores the problem, rather than fixing it. Many features, including 3D font support and others, will not work. We could make asy call gs --version and include the old driver support for obsolete versions of gs, but I don't yet see a convincing reason to justify the coding effort and future maintanence hassles. |
According to http://www.ghostscript.com/download/gsdnld.html |
Please note that they are exclusively talking about the AGPL on that page. The last GPL version is 9.06. The AGPL is a no-go in many commercial settings as it now extends all the GPLv3 restrictions even to internal applications and as usual, the boundary between what is legally a derived work and what the FSF believes it to be is quite unclear. That said, the reason why I was originally looking at the update is that the older 2.15 version doesn't build either:
Full build log at http://ftp.netbsd.org/pub/pkgsrc/misc/joerg/20150827.1854/asymptote-2.15nb9/build.log |
Ok, I addressed this request with 3cf0adc |
In ab000e7 |
While trying to prepare an update for asymptote in pkgsrc to the 2.35 release, I am hitting an overflow in https://github.com/vectorgraphics/asymptote/blob/master/base/plain_Label.asy#L670. The build finishes with an additional check of
i < g.length
.I'm not sure that is correct. We still have a (local) patch for dealing with
TEXMFLOCAL
having more than one component, I don't know if that is related.The text was updated successfully, but these errors were encountered: