Fix uninitialized read in m-tx grep func
Raphael Isemann
teemperor at gmail.com
Mon Jul 25 15:18:22 CEST 2022
The m-tx `grep` function reads uninitialized stack memory. This patch
just sets the initial value to 1, which allows the while statement that
uses it uninitialized to run as before. See the annotated source code
below for where the bug is:
```
void grep(Char *source_, Char *pattern_, Char *target)
{
  struct LOC_grep V;
  [...]
  // NOTE: All members aside from 'matching' initialized.
  V.source = source_;
  V.pattern = pattern_;
  V.index = 0;
  V.s = 1;
  V.p = 1;
  for (V.i = 0; V.i <= 9; V.i++) {
    V.p1[V.i] = 1;
    V.p2[V.i] = 0;
  }
  // NOTE: vvvvvvvv use of uninitialized member 'matching'.
  while (V.matching && V.p <= strlen(V.pattern) && V.s <= strlen(V.source))
```
Note that the upstream m-tx repository seems to be written in Pascal
but the problematic version in texlive is (auto-translated?) C. That's
why I sent the patch here. Thanks!
- Raphael Isemann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: texlive.diff
Type: text/x-patch
Size: 922 bytes
Desc: not available
URL: <https://tug.org/pipermail/tex-live/attachments/20220725/4ed21d1b/attachment.bin>
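
Added example, not part of the original message and not m-tx or TeX Live code: a simplified C stand-in for the pattern in the excerpt, showing why the loop guard has to start at 1 and why blanket zero-initialization of the struct would remove the uninitialized read but change behaviour. `struct loc_match` and `match_prefix` are hypothetical names, and the prefix comparison stands in for the real matching logic.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the excerpt's `struct LOC_grep`; not m-tx code. */
struct loc_match {
    const char *source, *pattern;
    size_t s, p;   /* 1-based cursors, as in the Pascal-derived excerpt */
    int matching;  /* loop guard: the member the excerpt never sets */
};

/* Returns how many leading characters of `pattern` match `source`.
 * `initial_matching` is the guard's value before the loop: 1 mirrors the
 * patch, 0 is what `struct loc_match V = {0};` would have produced. */
size_t match_prefix(const char *source, const char *pattern,
                    int initial_matching)
{
    struct loc_match V;

    V.source = source;
    V.pattern = pattern;
    V.s = 1;
    V.p = 1;
    V.matching = initial_matching;  /* every member is set before first read */

    while (V.matching && V.p <= strlen(V.pattern) && V.s <= strlen(V.source)) {
        V.matching = (V.source[V.s - 1] == V.pattern[V.p - 1]);
        if (V.matching) {
            V.s++;
            V.p++;
        }
    }
    return V.p - 1;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("guard=1, match:    %zu\n", match_prefix("texlive", "tex", 1));
    printf("guard=1, mismatch: %zu\n", match_prefix("texlive", "tea", 1));
    printf("guard=0, match:    %zu\n", match_prefix("texlive", "tex", 0));
    return 0;
}
```

With the guard left unset, the first evaluation of the `while` condition branches on indeterminate stack contents; MemorySanitizer (`clang -fsanitize=memory`) reports that kind of branch at run time.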