reproduce
./configure
make
./htmldoc -f ./check.ps [poc] double_free_945.zip
more info
=================================================================
==2347838==ERROR: AddressSanitizer: attempting double-free on 0x617000000e80 in thread T0:
#0 0x49764d in free (/home/chiba/htmldoc/check-sani/bin/htmldoc+0x49764d)
#1 0x50b90d in pspdf_export /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:945:7
#2 0x4e03e3 in main /home/chiba/htmldoc/htmldoc/htmldoc.cxx:1291:3
#3 0x7fa4e656f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#4 0x41d85d in _start (/home/chiba/htmldoc/check-sani/bin/htmldoc+0x41d85d)
0x617000000e80 is located 0 bytes inside of 766-byte region [0x617000000e80,0x61700000117e)
freed by thread T0 here:
#0 0x49764d in free (/home/chiba/htmldoc/check-sani/bin/htmldoc+0x49764d)
#1 0x50b90d in pspdf_export /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:945:7
#2 0x4e03e3 in main /home/chiba/htmldoc/htmldoc/htmldoc.cxx:1291:3
#3 0x7fa4e656f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
previously allocated by thread T0 here:
#0 0x4978cd in malloc (/home/chiba/htmldoc/check-sani/bin/htmldoc+0x4978cd)
#1 0x5d4981 in htmlGetText /home/chiba/htmldoc/htmldoc/htmllib.cxx:2125:23
#2 0x586427 in parse_heading(tree_str*, float, float, float, float, float*, float*, int*, int) /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:4599:28
#3 0x511582 in parse_doc(tree_str*, float*, float*, float*, float*, float*, float*, int*, tree_str*, int*) /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:4197:11
#4 0x593fd1 in render_table_row(hdtable_t&, tree_str***, int, unsigned char*, float, float, float, float, float*, float*, int*) /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:5829:9
#5 0x584778 in parse_table(tree_str*, float, float, float, float, float*, float*, int*, int) /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:7111:5
#6 0x510e9d in parse_doc(tree_str*, float*, float*, float*, float*, float*, float*, int*, tree_str*, int*) /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:4169:11
#7 0x50e351 in parse_doc(tree_str*, float*, float*, float*, float*, float*, float*, int*, tree_str*, int*) /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:4083:9
#8 0x50e351 in parse_doc(tree_str*, float*, float*, float*, float*, float*, float*, int*, tree_str*, int*) /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:4083:9
#9 0x50e351 in parse_doc(tree_str*, float*, float*, float*, float*, float*, float*, int*, tree_str*, int*) /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:4083:9
#10 0x5098a4 in pspdf_export /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:803:3
#11 0x4e03e3 in main /home/chiba/htmldoc/htmldoc/htmldoc.cxx:1291:3
#12 0x7fa4e656f0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
SUMMARY: AddressSanitizer: double-free (/home/chiba/htmldoc/check-sani/bin/htmldoc+0x49764d) in free
==2347838==ABORTING
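Added triage helper, not code from the issue or from htmldoc: it parses the ASan double-free report above into its three stacks and picks the first in-project frame of each, so the allocation site (htmlGetText) and the two free sites (both pspdf_export at ps-pdf.cxx:945) can be compared mechanically rather than by eye. The embedded sample is a trimmed copy of the report above; the frame and section patterns assume ASan's default report layout.

```python
import re
# Constructed sample: the ASan report from the issue above, trimmed to the frames needed here.
SAMPLE_REPORT = """\
==2347838==ERROR: AddressSanitizer: attempting double-free on 0x617000000e80 in thread T0:
    #0 0x49764d in free (/home/chiba/htmldoc/check-sani/bin/htmldoc+0x49764d)
    #1 0x50b90d in pspdf_export /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:945:7
freed by thread T0 here:
    #1 0x50b90d in pspdf_export /home/chiba/htmldoc/htmldoc/ps-pdf.cxx:945:7
previously allocated by thread T0 here:
    #0 0x4978cd in malloc (/home/chiba/htmldoc/check-sani/bin/htmldoc+0x4978cd)
    #1 0x5d4981 in htmlGetText /home/chiba/htmldoc/htmldoc/htmllib.cxx:2125:23
SUMMARY: AddressSanitizer: double-free (/home/chiba/htmldoc/check-sani/bin/htmldoc+0x49764d) in free
"""

FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(.*)\s+(\S+)$")  # '#N addr in func loc'
LOC_RE = re.compile(r"^(.+?):(\d+)(?::\d+)?$")  # path:line[:col]; absent for binary+offset frames
SECTIONS = {"freed by thread": "freed", "previously allocated by thread": "allocated"}
ALLOCATOR = {"free", "malloc", "calloc", "realloc"}  # interposed frames, never the bug site

def parse_frame(line):
    """{idx, func, file, line} for a stack-frame line, else None."""
    m = FRAME_RE.match(line)
    loc = LOC_RE.match(m.group(3)) if m else None
    return m and {"idx": int(m.group(1)), "func": m.group(2),
                  "file": loc and loc.group(1), "line": loc and int(loc.group(2))}

def parse_asan_report(text):
    """Split an ASan report into its kind, faulting address and the three stacks it prints."""
    report = {"kind": None, "address": None, "stacks": {"error": [], "freed": [], "allocated": []}}
    section = None
    for line in text.splitlines():
        m = re.search(r"ERROR: AddressSanitizer: (?:attempting )?(\S+) on (?:address )?(0x[0-9a-f]+)", line)
        if m:
            report["kind"], report["address"], section = m.group(1), m.group(2), "error"
        elif any(line.startswith(k) for k in SECTIONS):
            section = next(v for k, v in SECTIONS.items() if line.startswith(k))
        elif section and (frame := parse_frame(line)):
            report["stacks"][section].append(frame)
    return report

def first_source_frame(frames):
    """First frame with a source location that is not the allocator wrapper itself."""
    return next((f for f in frames if f["file"] and f["func"] not in ALLOCATOR), None)

def triage(report):
    """Where the block was allocated, first freed, and freed again; flag a repeated free site."""
    err, freed, alloc = (first_source_frame(report["stacks"][k]) for k in ("error", "freed", "allocated"))
    same = bool(err and freed and (err["file"], err["line"]) == (freed["file"], freed["line"]))
    return {"kind": report["kind"], "second_free": err, "first_free": freed, "allocation": alloc, "same_free_site": same}
```

A `same_free_site` of True, as here, means one free statement ran twice on the same block, which points at the control flow reaching line 945 rather than at two distinct owners each releasing it.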
chibataiki changed the title from "Double free in function pspdf_export() in ps-pdf.cxx" to "Double free in function pspdf_export() in ps-pdf.cxx at line 945" on May 17, 2021
Hi,
A double free was found in function pspdf_export() in ps-pdf.cxx at line 945.
Version: 1.9.12 commit [ee77825]
Env: Ubuntu 20.04 x86_64, clang version 11.0.0