pdfTeX hang prevention












14















I am faced with pdfTex hanging problem and and looking for a workaround if exists. For example, I know that the following formula expression is mistyped, but I dont know why pdfTex is frozen(possibly infinite loop) instead of quting nicely? Is there a workaround? Because in case of an erronous input, I don't want to restart my server.

edit: as comments suggest, problem is clarified.



documentclass{article}
usepackage{graphicx}
usepackage{draftwatermark}
usepackage{breqn}
usepackage{amsmath}
SetWatermarkText{FAST MATH}
SetWatermarkScale{2}
SetWatermarkVerCenter{0.6paperheight}
SetWatermarkAngle{30}

begin{document}

section{Input}
$left. begin{array} { l } { a ) A = { 2 $
section{Solution}
${a: 0}$
end{document}









share|improve this question




















  • 1





    Try running pdflatex with the -halt-on-error commandline option.

    – Eric Marsden
    Nov 22 '18 at 17:26






  • 2





    you can't avoid all loops, setup your server so that it times out if necessary.

    – Ulrike Fischer
    Nov 22 '18 at 17:52






  • 5





    It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.

    – davidbak
    Nov 22 '18 at 22:08






  • 4





    You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.

    – Nicola Talbot
    Nov 22 '18 at 22:35






  • 7





    @heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.

    – David Carlisle
    Nov 23 '18 at 0:52
















14















I am faced with pdfTex hanging problem and and looking for a workaround if exists. For example, I know that the following formula expression is mistyped, but I dont know why pdfTex is frozen(possibly infinite loop) instead of quting nicely? Is there a workaround? Because in case of an erronous input, I don't want to restart my server.

edit: as comments suggest, problem is clarified.



documentclass{article}
usepackage{graphicx}
usepackage{draftwatermark}
usepackage{breqn}
usepackage{amsmath}
SetWatermarkText{FAST MATH}
SetWatermarkScale{2}
SetWatermarkVerCenter{0.6paperheight}
SetWatermarkAngle{30}

begin{document}

section{Input}
$left. begin{array} { l } { a ) A = { 2 $
section{Solution}
${a: 0}$
end{document}









share|improve this question




















  • 1





    Try running pdflatex with the -halt-on-error commandline option.

    – Eric Marsden
    Nov 22 '18 at 17:26






  • 2





    you can't avoid all loops, setup your server so that it times out if necessary.

    – Ulrike Fischer
    Nov 22 '18 at 17:52






  • 5





    It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.

    – davidbak
    Nov 22 '18 at 22:08






  • 4





    You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.

    – Nicola Talbot
    Nov 22 '18 at 22:35






  • 7





    @heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.

    – David Carlisle
    Nov 23 '18 at 0:52














14












14








14


2






I am faced with pdfTex hanging problem and and looking for a workaround if exists. For example, I know that the following formula expression is mistyped, but I dont know why pdfTex is frozen(possibly infinite loop) instead of quting nicely? Is there a workaround? Because in case of an erronous input, I don't want to restart my server.

edit: as comments suggest, problem is clarified.



documentclass{article}
usepackage{graphicx}
usepackage{draftwatermark}
usepackage{breqn}
usepackage{amsmath}
SetWatermarkText{FAST MATH}
SetWatermarkScale{2}
SetWatermarkVerCenter{0.6paperheight}
SetWatermarkAngle{30}

begin{document}

section{Input}
$left. begin{array} { l } { a ) A = { 2 $
section{Solution}
${a: 0}$
end{document}









share|improve this question
















I am faced with pdfTex hanging problem and and looking for a workaround if exists. For example, I know that the following formula expression is mistyped, but I dont know why pdfTex is frozen(possibly infinite loop) instead of quting nicely? Is there a workaround? Because in case of an erronous input, I don't want to restart my server.

edit: as comments suggest, problem is clarified.



documentclass{article}
usepackage{graphicx}
usepackage{draftwatermark}
usepackage{breqn}
usepackage{amsmath}
SetWatermarkText{FAST MATH}
SetWatermarkScale{2}
SetWatermarkVerCenter{0.6paperheight}
SetWatermarkAngle{30}

begin{document}

section{Input}
$left. begin{array} { l } { a ) A = { 2 $
section{Solution}
${a: 0}$
end{document}






errors






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 24 '18 at 16:35







heral

















asked Nov 22 '18 at 17:21









heralheral

766




766








  • 1





    Try running pdflatex with the -halt-on-error commandline option.

    – Eric Marsden
    Nov 22 '18 at 17:26






  • 2





    you can't avoid all loops, setup your server so that it times out if necessary.

    – Ulrike Fischer
    Nov 22 '18 at 17:52






  • 5





    It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.

    – davidbak
    Nov 22 '18 at 22:08






  • 4





    You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.

    – Nicola Talbot
    Nov 22 '18 at 22:35






  • 7





    @heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.

    – David Carlisle
    Nov 23 '18 at 0:52














  • 1





    Try running pdflatex with the -halt-on-error commandline option.

    – Eric Marsden
    Nov 22 '18 at 17:26






  • 2





    you can't avoid all loops, setup your server so that it times out if necessary.

    – Ulrike Fischer
    Nov 22 '18 at 17:52






  • 5





    It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.

    – davidbak
    Nov 22 '18 at 22:08






  • 4





    You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.

    – Nicola Talbot
    Nov 22 '18 at 22:35






  • 7





    @heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.

    – David Carlisle
    Nov 23 '18 at 0:52








1




1





Try running pdflatex with the -halt-on-error commandline option.

– Eric Marsden
Nov 22 '18 at 17:26





Try running pdflatex with the -halt-on-error commandline option.

– Eric Marsden
Nov 22 '18 at 17:26




2




2





you can't avoid all loops, setup your server so that it times out if necessary.

– Ulrike Fischer
Nov 22 '18 at 17:52





you can't avoid all loops, setup your server so that it times out if necessary.

– Ulrike Fischer
Nov 22 '18 at 17:52




5




5





It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.

– davidbak
Nov 22 '18 at 22:08





It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.

– davidbak
Nov 22 '18 at 22:08




4




4





You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.

– Nicola Talbot
Nov 22 '18 at 22:35





You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.

– Nicola Talbot
Nov 22 '18 at 22:35




7




7





@heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.

– David Carlisle
Nov 23 '18 at 0:52





@heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.

– David Carlisle
Nov 23 '18 at 0:52










4 Answers
4






active

oldest

votes


















2














If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.






share|improve this answer































    15














    The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



    documentclass{article}

    begin{document}

    $left. begin{array} { l } { a ) A = { 2 $

    section{Solution}
    ${a: 0}$

    end{document}


    The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



    ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

    See the LaTeX manual or LaTeX Companion for explanation.
    Type H <return> for immediate help.
    ...

    l.12 end{document}

    ?

    ! Improper prevdepth.
    newpage ...everypar {}fi par ifdim prevdepth
    >z@ vskip -ifdim prevd...
    l.12 end{document}


    The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



    If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



    par ->

    par ->

    par ->

    par ->

    par ->


    Solution: don't make silly errors in your input.



    Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



    However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.






    share|improve this answer





















    • 3





      "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.

      – heral
      Nov 22 '18 at 18:02



















    5














    This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



    As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



    Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



    There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




    • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

    • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


    So make sure you have an up-to-date TeX distribution.



    The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



    The security settings for MikTeX are in the miktex.ini file.



    The main source for concern is the shell escape (write18). There are three modes:




    • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

    • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


      • Certain characters are forbidden (such as ' and ;) to prevent injection.

      • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



    • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


    Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



    The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





    • a: any file allowed (if permitted by the operating system);


    • r: (restricted) hidden dot files not allowed;


    • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


    The default values are:



    openin_any = a
    openout_any = p


    The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



    For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



    If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



    With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



    TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



    Summary:




    • Ensure you have an up-to-date TeX installation.

    • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

    • Run TeX with -no-shell-escape.

    • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

    • Ensure that both openout_any and openin_any are set to p.

    • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.






    share|improve this answer































      4














      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



      documentclass{article}
      usepackage{graphicx,lmodern}
      usepackage{draftwatermark}
      usepackage{amsmath}
      usepackage{breqn}
      SetWatermarkText{FAST MATH}
      SetWatermarkScale{2}
      SetWatermarkVerCenter{0.6paperheight}
      SetWatermarkAngle{30}

      begin{document}

      section{Input}
      $ begin{array} { l } a) A = { 2 end{array}$
      section{Solution}
      ${a: 0}$

      end{document}





      share|improve this answer



















      • 3





        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.

        – heral
        Nov 22 '18 at 17:49











      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "85"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftex.stackexchange.com%2fquestions%2f461319%2fpdftex-hang-prevention%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      2














      If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.






      share|improve this answer




























        2














        If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.






        share|improve this answer


























          2












          2








          2







          If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.






          share|improve this answer













          If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 30 '18 at 11:07









          Eric MarsdenEric Marsden

          75637




          75637























              15














              The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



              documentclass{article}

              begin{document}

              $left. begin{array} { l } { a ) A = { 2 $

              section{Solution}
              ${a: 0}$

              end{document}


              The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



              ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

              See the LaTeX manual or LaTeX Companion for explanation.
              Type H <return> for immediate help.
              ...

              l.12 end{document}

              ?

              ! Improper prevdepth.
              newpage ...everypar {}fi par ifdim prevdepth
              >z@ vskip -ifdim prevd...
              l.12 end{document}


              The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



              If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



              par ->

              par ->

              par ->

              par ->

              par ->


              Solution: don't make silly errors in your input.



              Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



              However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.






              share|improve this answer





















              • 3





                "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.

                – heral
                Nov 22 '18 at 18:02
















              15














              The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



              documentclass{article}

              begin{document}

              $left. begin{array} { l } { a ) A = { 2 $

              section{Solution}
              ${a: 0}$

              end{document}


              The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



              ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

              See the LaTeX manual or LaTeX Companion for explanation.
              Type H <return> for immediate help.
              ...

              l.12 end{document}

              ?

              ! Improper prevdepth.
              newpage ...everypar {}fi par ifdim prevdepth
              >z@ vskip -ifdim prevd...
              l.12 end{document}


              The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



              If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



              par ->

              par ->

              par ->

              par ->

              par ->


              Solution: don't make silly errors in your input.



              Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



              However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.






              share|improve this answer





















              • 3





                "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.

                – heral
                Nov 22 '18 at 18:02














              15












              15








              15







              The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



              documentclass{article}

              begin{document}

              $left. begin{array} { l } { a ) A = { 2 $

              section{Solution}
              ${a: 0}$

              end{document}


              The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



              ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

              See the LaTeX manual or LaTeX Companion for explanation.
              Type H <return> for immediate help.
              ...

              l.12 end{document}

              ?

              ! Improper prevdepth.
              newpage ...everypar {}fi par ifdim prevdepth
              >z@ vskip -ifdim prevd...
              l.12 end{document}


              The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



              If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



              par ->

              par ->

              par ->

              par ->

              par ->


              Solution: don't make silly errors in your input.



              Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



              However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.






              share|improve this answer















              The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



              documentclass{article}

              begin{document}

              $left. begin{array} { l } { a ) A = { 2 $

              section{Solution}
              ${a: 0}$

              end{document}


              The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



              ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

              See the LaTeX manual or LaTeX Companion for explanation.
              Type H <return> for immediate help.
              ...

              l.12 end{document}

              ?

              ! Improper prevdepth.
              newpage ...everypar {}fi par ifdim prevdepth
              >z@ vskip -ifdim prevd...
              l.12 end{document}


              The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



              If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



              par ->

              par ->

              par ->

              par ->

              par ->


              Solution: don't make silly errors in your input.



              Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



              However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Nov 22 '18 at 19:07

























              answered Nov 22 '18 at 17:59









              egregegreg

              729k8819263235




              729k8819263235








              • 3





                "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.

                – heral
                Nov 22 '18 at 18:02














              • 3





                "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.

                – heral
                Nov 22 '18 at 18:02








              3




              3





              "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.

              – heral
              Nov 22 '18 at 18:02





              "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.

              – heral
              Nov 22 '18 at 18:02











              5














              This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



              As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



              Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



              There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




              • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

              • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


              So make sure you have an up-to-date TeX distribution.



              The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



              The security settings for MikTeX are in the miktex.ini file.



              The main source for concern is the shell escape (write18). There are three modes:




              • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

              • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


                • Certain characters are forbidden (such as ' and ;) to prevent injection.

                • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



              • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


              Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



              The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





              • a: any file allowed (if permitted by the operating system);


              • r: (restricted) hidden dot files not allowed;


              • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


              The default values are:



              openin_any = a
              openout_any = p


              The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



              For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



              If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



              With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



              TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



              Summary:




              • Ensure you have an up-to-date TeX installation.

              • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

              • Run TeX with -no-shell-escape.

              • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

              • Ensure that both openout_any and openin_any are set to p.

              • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.






              share|improve this answer




























                5














                This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



                As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



                Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



                There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




                • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

                • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


                So make sure you have an up-to-date TeX distribution.



                The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



                The security settings for MikTeX are in the miktex.ini file.



                The main source for concern is the shell escape (write18). There are three modes:




                • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

                • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


                  • Certain characters are forbidden (such as ' and ;) to prevent injection.

                  • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



                • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


                Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



                The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





                • a: any file allowed (if permitted by the operating system);


                • r: (restricted) hidden dot files not allowed;


                • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


                The default values are:



                openin_any = a
                openout_any = p


                The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



                For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



                If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



                With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



                TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



                Summary:




                • Ensure you have an up-to-date TeX installation.

                • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

                • Run TeX with -no-shell-escape.

                • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

                • Ensure that both openout_any and openin_any are set to p.

                • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.






                share|improve this answer


























                  5












                  5








                  5







                  This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



                  As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



                  Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



                  There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




                  • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

                  • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


                  So make sure you have an up-to-date TeX distribution.



                  The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



                  The security settings for MikTeX are in the miktex.ini file.



                  The main source for concern is the shell escape (write18). There are three modes:




                  • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

                  • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


                    • Certain characters are forbidden (such as ' and ;) to prevent injection.

                    • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



                  • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


                  Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



                  The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





                  • a: any file allowed (if permitted by the operating system);


                  • r: (restricted) hidden dot files not allowed;


                  • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


                  The default values are:



                  openin_any = a
                  openout_any = p


                  The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



                  For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



                  If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



                  With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



                  TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



                  Summary:




                  • Ensure you have an up-to-date TeX installation.

                  • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

                  • Run TeX with -no-shell-escape.

                  • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

                  • Ensure that both openout_any and openin_any are set to p.

                  • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.






                  share|improve this answer













                  This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



                  As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



                  Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



                  There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




                  • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

                  • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


                  So make sure you have an up-to-date TeX distribution.



                  The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



                  The security settings for MikTeX are in the miktex.ini file.



                  The main source for concern is the shell escape (write18). There are three modes:




                  • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

                  • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


                    • Certain characters are forbidden (such as ' and ;) to prevent injection.

                    • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



                  • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


                  Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



                  The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





                  • a: any file allowed (if permitted by the operating system);


                  • r: (restricted) hidden dot files not allowed;


                  • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


                  The default values are:



                  openin_any = a
                  openout_any = p


                  The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



                  For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



                  If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



                  With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



                  TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



                  Summary:




                  • Ensure you have an up-to-date TeX installation.

                  • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

                  • Run TeX with -no-shell-escape.

                  • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

                  • Ensure that both openout_any and openin_any are set to p.

                  • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 25 '18 at 13:15









                  Nicola TalbotNicola Talbot

                  34.5k259106




                  34.5k259106























                      4














                      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



                      documentclass{article}
                      usepackage{graphicx,lmodern}
                      usepackage{draftwatermark}
                      usepackage{amsmath}
                      usepackage{breqn}
                      SetWatermarkText{FAST MATH}
                      SetWatermarkScale{2}
                      SetWatermarkVerCenter{0.6paperheight}
                      SetWatermarkAngle{30}

                      begin{document}

                      section{Input}
                      $ begin{array} { l } a) A = { 2 end{array}$
                      section{Solution}
                      ${a: 0}$

                      end{document}





                      share|improve this answer



















                      • 3





                        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.

                        – heral
                        Nov 22 '18 at 17:49
















                      4














                      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



                      documentclass{article}
                      usepackage{graphicx,lmodern}
                      usepackage{draftwatermark}
                      usepackage{amsmath}
                      usepackage{breqn}
                      SetWatermarkText{FAST MATH}
                      SetWatermarkScale{2}
                      SetWatermarkVerCenter{0.6paperheight}
                      SetWatermarkAngle{30}

                      begin{document}

                      section{Input}
                      $ begin{array} { l } a) A = { 2 end{array}$
                      section{Solution}
                      ${a: 0}$

                      end{document}





                      share|improve this answer



















                      • 3





                        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.

                        – heral
                        Nov 22 '18 at 17:49














                      4












                      4








                      4







                      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



                      documentclass{article}
                      usepackage{graphicx,lmodern}
                      usepackage{draftwatermark}
                      usepackage{amsmath}
                      usepackage{breqn}
                      SetWatermarkText{FAST MATH}
                      SetWatermarkScale{2}
                      SetWatermarkVerCenter{0.6paperheight}
                      SetWatermarkAngle{30}

                      begin{document}

                      section{Input}
                      $ begin{array} { l } a) A = { 2 end{array}$
                      section{Solution}
                      ${a: 0}$

                      end{document}





                      share|improve this answer













                      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



                      documentclass{article}
                      usepackage{graphicx,lmodern}
                      usepackage{draftwatermark}
                      usepackage{amsmath}
                      usepackage{breqn}
                      SetWatermarkText{FAST MATH}
                      SetWatermarkScale{2}
                      SetWatermarkVerCenter{0.6paperheight}
                      SetWatermarkAngle{30}

                      begin{document}

                      section{Input}
                      $ begin{array} { l } a) A = { 2 end{array}$
                      section{Solution}
                      ${a: 0}$

                      end{document}






                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Nov 22 '18 at 17:36









                      AboAmmarAboAmmar

                      34.5k32985




                      34.5k32985








                      • 3





                        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.

                        – heral
                        Nov 22 '18 at 17:49














                      • 3





                        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.

                        – heral
                        Nov 22 '18 at 17:49








                      3




                      3





                      I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.

                      – heral
                      Nov 22 '18 at 17:49





                      I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.

                      – heral
                      Nov 22 '18 at 17:49


















                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to TeX - LaTeX Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftex.stackexchange.com%2fquestions%2f461319%2fpdftex-hang-prevention%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      這個網誌中的熱門文章

                      Post-Redirect-Get with Spring WebFlux and Thymeleaf

                      Xamarin.form Move up view when keyboard appear

                      JBPM : POST request for execute process go wrong