
#17 gocr 0.44 dumps core on invalid input, patch included

open
nobody
None
5
2007-03-22
2007-03-22
No

Solaris 10 x86, Sun shipped gcc (gcc (GCC) 3.4.3 (csl-sol210-3_4-branch+sol_rpath)), netpbm 10.26.41 compiled from source.

If gocr is invoked with something other than a pbm on stdin, it drops core.

gocr - < somefile.gif

Debugger shows:

#0 0xd2644c8c in strlen () from /lib/libc.so.1
#1 0xd269a2a6 in _ndoprnt () from /lib/libc.so.1
#2 0xd269ce2d in fprintf () from /lib/libc.so.1
#3 0xd2707d54 in pm_error (
format=0xd271fff0 "bad magic number - not a PAM, PPM, PGM, or PBM file")
at libpm.c:111
#4 0xd27159b9 in pnm_readpaminit (file=0x80d3968, pamP=0x803ea70, size=296)
at libpam.c:651
#5 0x080bbda5 in readpgm (name=0x8047dfd "-", p=0x803ec18, vvv=0) at pnm.c:178
#6 0x080531a4 in read_picture (job=0x803ec14) at gocr.c:301
#7 0x0805330b in main (argn=2, argv=0x8047d3c) at gocr.c:346

The core dump is caused by an attempt to printf pm_progname, which is set by various init routines, and is null. Tracing back to where it's supposedly set, I found that pnm_init was being called with &argv, when it should be argv. With that patch applied, the right thing happens:

-bash-3.00$ gocr - < example.gif
gocr: bad magic number - not a PAM, PPM, PGM, or PBM file
-bash-3.00$
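The failure above is a library error path trusting a global program name that its own init routine never recorded. The following is an added example, not code from gocr or netpbm: it models an init routine that records argv[0] the way pnm_init does, together with an error reporter that does not dereference a NULL program name, so a mis-ordered or mis-called init degrades to a readable message instead of a core dump in strlen(). The names app_init, app_error_format, app_reset and g_progname are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not gocr or netpbm code: a minimal model of a library
 * init routine that records argv[0] as the program name, and an error
 * reporter that stays safe even if init was skipped or called wrongly.
 * The names app_init, app_error_format, app_reset, g_progname are hypothetical. */

static const char *g_progname = NULL;

/* Correct initialisation: takes argc by address (the real pnm_init also
 * consumes its own options) and argv exactly as main() received it.
 * Returns 0 on success, -1 if argv is unusable, so a bogus name is never stored. */
int app_init(int *argcP, char **argv)
{
    if (argcP == NULL || argv == NULL || *argcP < 1 || argv[0] == NULL)
        return -1;
    g_progname = argv[0];
    return 0;
}

/* Format "prog: message" into buf. A plain fprintf("%s", NULL) is undefined
 * behaviour and on many libcs crashes inside strlen(), which is exactly the
 * backtrace in this ticket; this substitutes a placeholder instead.
 * Returns the number of characters that would have been written. */
int app_error_format(char *buf, size_t n, const char *msg)
{
    const char *name = g_progname ? g_progname : "(unknown program)";
    return snprintf(buf, n, "%s: %s", name, msg);
}

/* Forget the program name, modelling the state gocr was in when pnm_init
 * had been handed the wrong argument and never set pm_progname. */
void app_reset(void)
{
    g_progname = NULL;
}

int main(int argc, char **argv)
{
    char buf[128];

    /* Before init: the hardened reporter does not dereference NULL. */
    app_error_format(buf, sizeof buf, "bad magic number - not a PBM file");
    puts(buf);

    /* Correct call: argv, not &argv. &argv is a char*** and only compiles
     * with an incompatible-pointer-type warning on old gcc (an error on
     * recent gcc), which is how the original bug slipped through. */
    if (app_init(&argc, argv) == 0) {
        app_error_format(buf, sizeof buf, "bad magic number - not a PBM file");
        puts(buf);
    }
    return 0;
}
```

The point of the fallback is not to hide the missing init call but to keep the diagnostic path itself from becoming the crash: the user still sees the "bad magic number" message, and the odd placeholder name is a visible hint that initialisation went wrong.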

*** gocr.c Thu Mar 22 14:58:47 2007
--- /tmp/gocr-0.44/src/gocr.c Thu Mar 1 12:25:38 2007
***************
*** 125,131 ****
exit(0);
}
#ifdef HAVE_PGM_H
! pnm_init(&argn, argv);
#endif

/* process arguments */
--- 125,131 ----
exit(0);
}
#ifdef HAVE_PGM_H
! pnm_init(&argn, &argv);
#endif

/* process arguments */
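Review bot: the two sides of this context diff are reversed: the `*** gocr.c` (from) side carries the fixed call `pnm_init(&argn, argv);` and the `--- /tmp/gocr-0.44/src/gocr.c` (to) side carries the original `pnm_init(&argn, &argv);`, so applying the hunk as-is with `patch` would put the bug back; apply it with `patch -R`, or regenerate it with the unmodified 0.44 file as the first argument to `diff -c`. The one-character change itself is right: `argv` is already `char **`, and `&argv` hands the library a `char ***`, which gcc 3.4 accepts with only an incompatible-pointer-type warning, so the unset `pm_progname` that later crashes `pm_error` is easy to miss in the build output.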
