Package: fig2dev
Version: 3.2.7a
fig2dev crashes when processing certain fig files.
The crash happens in "compute_closed_spline" when trying to process a
specially formatted "closed approximated spline" figure.
Steps to reproduce:
fig2dev -L png compute_closed_spline.fig
ASAN output:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==7007==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000004fd10e bp 0x7ffdbc347150 sp 0x7ffdbc346ed0 T0)
==7007==The signal is caused by a READ memory access.
==7007==Hint: address points to the zero page.
#0 0x4fd10e in compute_closed_spline (/tmp/fig2dev+0x4fd10e)
#1 0x4fdba8 in create_line_with_spline (/tmp/fig2dev+0x4fdba8)
#2 0x4f154e in read_splineobject (/tmp/fig2dev+0x4f154e)
#3 0x4e9d8c in read_objects (/tmp/fig2dev+0x4e9d8c)
#4 0x4e8426 in readfp_fig (/tmp/fig2dev+0x4e8426)
#5 0x4e8238 in read_fig (/tmp/fig2dev+0x4e8238)
#6 0x4ddbfb in main (/tmp/fig2dev+0x4ddbfb)
#7 0x7fd39e9c50b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16
#8 0x41c67d in _start (/tmp/fig2dev+0x41c67d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/tmp/fig2dev+0x4fd10e) in compute_closed_spline
==7007==ABORTING
I am sending "compute_closed_spline.fig" in attachment.
Kind regards,
--
David Petek