[metapost] Handle truncation in mpx_cleandir

luigi scarso luigi.scarso at gmail.com
Thu Aug 12 17:08:36 CEST 2021

On Thu, Aug 12, 2021 at 3:33 PM Richard Copley <rcopley at gmail.com> wrote:

> On 64-bit Windows systems, when MetaPost calls mpx_cleandir to delete
> temporary auxiliary files (e.g., from running TeX to format a label),
> it segfaults in RtlEnterCriticalSection.
> This affected, for example, the 64-bit binaries built by the MSYS2
> project. (See <https://github.com/msys2/MINGW-packages/pull/9350>.)
> It doesn't affect the 32-bit binaries shipped by the TexLive
> project.
> See mpx_cleandir in "mpxout.w". hFile is declared as long. The handle
> returned by _findfirst is stored there and truncated. Then it is
> sign-extended and passed to _findnext. There is a segfault when it is
> first dereferenced, which happens in RtlEnterCriticalSection.
> This can be fixed by changing "long" to "intptr_t" in mpx_cleandir.
> An example MetaPost program that leads to the crash:
>   beginfig(0); label(btex $x$ etex, (0,0)); endfig; end;
> To reliably reproduce the crash, place the program in a file in an
> otherwise empty directory and run mpost.exe in that directory.
> Warm regards,
> Richard.
> --
> http://tug.org/metapost/

Thank you, patch applied.
Committed revision 2173 on metapost repo.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/metapost/attachments/20210812/6e6cf4a9/attachment.html>

More information about the metapost mailing list.