
bug in pslatex.trm in gnuplot



I've just found that the bug which I reported in Gnuplot beta347
(pre 3.6) occurs in gnuplot_3.5beta6.340 too :-(.
I didn't see it on the official gnuplot bugs list, so I'm
sending my report once again.

---------- Forwarded message ----------
Date: Sun, 2 Aug 1998 01:01:58 +0200 (EEST)
From: Wojciech Zabolotny <wzab@ipe.pw.edu.pl>
To: bug-gnuplot@dartmouth.edu
Subject: Problems with "pslatex" terminal in gnuplot beta347 (pre3.6) in
Debian Linux 2.0 (hamm) (SOLVED !!!)

Hello gnuplot developers!

I have performed some additional experiments with gnuplot and my
data. I've linked gnuplot with the "electric-fence" library to find the
instruction which overwrites the memory.
Below I present the output given by gdb after the failure:

gnuplot> set term pstex auxfile
Terminal type set to 'pstex'
Options are 'monochrome dashed rotate auxfile'
gnuplot> set output "phd_w4_s3_l10_wzneur.nsts.tex"
gnuplot> load "phd_w4_s3_l10_wzneur.nsts.gnuplot"

Program received signal SIGSEGV, Segmentation fault.
0x80a7cae in PSLATEX_init () at term/pslatex.trm:204
204                 strcpy(PSLATEX_psfile + (dotIndex-outstr) + 1,"ps");
(gdb) bt
#0  0x80a7cae in PSLATEX_init () at term/pslatex.trm:204
#1  0x808f7ae in term_init () at term.c:325
#2  0x80552b4 in do_plot (plots=0x40120fb8, pcount=3) at graphics.c:1165
#3  0x80779c2 in eval_plots () at plot2d.c:1335
#4  0x80743a7 in plotrequest () at plot2d.c:332
#5  0x804b84f in command () at command.c:539
#6  0x804afd1 in do_line () at command.c:287
#7  0x807209c in load_file (fp=0x4011af98,
    name=0xbffff96c "phd_w4_s3_l10_wzneur.nsts.gnuplot", can_do_args=0)
    at misc.c:1042
#8  0x804bd70 in command () at command.c:624
#9  0x804afd1 in do_line () at command.c:287
#10 0x804af4f in com_line () at command.c:262
#11 0x8073c25 in main (argc=1, argv=0xbffffda0) at plot.c:439

When I analyzed the source in pslatex.trm, I found the following lines:

    PSLATEX_psfile = gp_alloc(dotIndex - outstr + 3, "pslatex aux filename");
    if (PSLATEX_psfile) {
        strncpy(PSLATEX_psfile, outstr, dotIndex-outstr+1); /* including . */
        strcpy(PSLATEX_psfile + (dotIndex-outstr) + 1,"ps");

The problem is that the "strcpy" instruction writes three bytes: 'p', 's' and
\0. The last byte is written after the end of the PSLATEX_psfile buffer,
overwriting another variable... :-(
I have changed line 201 in pslatex.trm in the following way:

PSLATEX_psfile = gp_alloc(dotIndex - outstr + 4, "pslatex aux filename");

Now everything works fine ! :-)

                                        Wojciech Zabolotny
                                        wzab@ipe.pw.edu.pl
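
The size arithmetic from the report above, as an added example that is not part of the original message or of gnuplot's source. The names psfile_size and make_psfile_name are hypothetical, malloc stands in for gp_alloc, and the sample filename in main is the one from the gdb session.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed for "<prefix up to and including '.'>ps" plus the NUL.
 * prefix_len counts the dot, i.e. dotIndex - outstr + 1 in the report's
 * terms, so the total is dotIndex - outstr + 4. The original + 3 left
 * no room for the terminator that strcpy writes. */
static size_t psfile_size(size_t prefix_len)
{
    return prefix_len + sizeof("ps");   /* sizeof counts 'p', 's', '\0' */
}

/* Hypothetical helper: returns a malloc'd copy of outstr with its
 * extension replaced by "ps", or NULL on allocation failure.
 * A name with no extension gets ".ps" appended. */
char *make_psfile_name(const char *outstr)
{
    const char *dot = strrchr(outstr, '.');
    size_t stem_len, prefix_len;
    char *psfile;

    /* A dot that belongs to a directory component is not an extension. */
    if (dot != NULL && strchr(dot, '/') != NULL)
        dot = NULL;

    stem_len = dot ? (size_t)(dot - outstr) : strlen(outstr);
    prefix_len = stem_len + 1;                  /* stem plus '.' */

    psfile = malloc(psfile_size(prefix_len));
    if (psfile == NULL)
        return NULL;

    memcpy(psfile, outstr, stem_len);
    psfile[stem_len] = '.';
    /* Copy "ps" together with its NUL: exactly the 3 bytes strcpy wrote. */
    memcpy(psfile + prefix_len, "ps", sizeof("ps"));
    return psfile;
}

int main(void)
{
    char *name = make_psfile_name("phd_w4_s3_l10_wzneur.nsts.tex");
    if (name != NULL)
        printf("%s (%zu bytes allocated)\n", name, strlen(name) + 1);
    free(name);
    return 0;
}
```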


