pdfTeX hang prevention











up vote
14
down vote

favorite
2












I am faced with pdfTex hanging problem and and looking for a workaround if exists. For example, I know that the following formula expression is mistyped, but I dont know why pdfTex is frozen(possibly infinite loop) instead of quting nicely? Is there a workaround? Because in case of an erronous input, I don't want to restart my server.

edit: as comments suggest, problem is clarified.



documentclass{article}
usepackage{graphicx}
usepackage{draftwatermark}
usepackage{breqn}
usepackage{amsmath}
SetWatermarkText{FAST MATH}
SetWatermarkScale{2}
SetWatermarkVerCenter{0.6paperheight}
SetWatermarkAngle{30}

begin{document}

section{Input}
$left. begin{array} { l } { a ) A = { 2 $
section{Solution}
${a: 0}$
end{document}









share|improve this question




















  • 1




    Try running pdflatex with the -halt-on-error commandline option.
    – Eric Marsden
    Nov 22 at 17:26






  • 2




    you can't avoid all loops, setup your server so that it times out if necessary.
    – Ulrike Fischer
    Nov 22 at 17:52






  • 5




    It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.
    – davidbak
    Nov 22 at 22:08






  • 4




    You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.
    – Nicola Talbot
    Nov 22 at 22:35






  • 7




    @heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.
    – David Carlisle
    Nov 23 at 0:52















up vote
14
down vote

favorite
2












I am faced with pdfTex hanging problem and and looking for a workaround if exists. For example, I know that the following formula expression is mistyped, but I dont know why pdfTex is frozen(possibly infinite loop) instead of quting nicely? Is there a workaround? Because in case of an erronous input, I don't want to restart my server.

edit: as comments suggest, problem is clarified.



documentclass{article}
usepackage{graphicx}
usepackage{draftwatermark}
usepackage{breqn}
usepackage{amsmath}
SetWatermarkText{FAST MATH}
SetWatermarkScale{2}
SetWatermarkVerCenter{0.6paperheight}
SetWatermarkAngle{30}

begin{document}

section{Input}
$left. begin{array} { l } { a ) A = { 2 $
section{Solution}
${a: 0}$
end{document}









share|improve this question




















  • 1




    Try running pdflatex with the -halt-on-error commandline option.
    – Eric Marsden
    Nov 22 at 17:26






  • 2




    you can't avoid all loops, setup your server so that it times out if necessary.
    – Ulrike Fischer
    Nov 22 at 17:52






  • 5




    It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.
    – davidbak
    Nov 22 at 22:08






  • 4




    You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.
    – Nicola Talbot
    Nov 22 at 22:35






  • 7




    @heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.
    – David Carlisle
    Nov 23 at 0:52













up vote
14
down vote

favorite
2









up vote
14
down vote

favorite
2






2





I am faced with pdfTex hanging problem and and looking for a workaround if exists. For example, I know that the following formula expression is mistyped, but I dont know why pdfTex is frozen(possibly infinite loop) instead of quting nicely? Is there a workaround? Because in case of an erronous input, I don't want to restart my server.

edit: as comments suggest, problem is clarified.



documentclass{article}
usepackage{graphicx}
usepackage{draftwatermark}
usepackage{breqn}
usepackage{amsmath}
SetWatermarkText{FAST MATH}
SetWatermarkScale{2}
SetWatermarkVerCenter{0.6paperheight}
SetWatermarkAngle{30}

begin{document}

section{Input}
$left. begin{array} { l } { a ) A = { 2 $
section{Solution}
${a: 0}$
end{document}









share|improve this question















I am faced with pdfTex hanging problem and and looking for a workaround if exists. For example, I know that the following formula expression is mistyped, but I dont know why pdfTex is frozen(possibly infinite loop) instead of quting nicely? Is there a workaround? Because in case of an erronous input, I don't want to restart my server.

edit: as comments suggest, problem is clarified.



documentclass{article}
usepackage{graphicx}
usepackage{draftwatermark}
usepackage{breqn}
usepackage{amsmath}
SetWatermarkText{FAST MATH}
SetWatermarkScale{2}
SetWatermarkVerCenter{0.6paperheight}
SetWatermarkAngle{30}

begin{document}

section{Input}
$left. begin{array} { l } { a ) A = { 2 $
section{Solution}
${a: 0}$
end{document}






errors






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 24 at 16:35

























asked Nov 22 at 17:21









heral

766




766








  • 1




    Try running pdflatex with the -halt-on-error commandline option.
    – Eric Marsden
    Nov 22 at 17:26






  • 2




    you can't avoid all loops, setup your server so that it times out if necessary.
    – Ulrike Fischer
    Nov 22 at 17:52






  • 5




    It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.
    – davidbak
    Nov 22 at 22:08






  • 4




    You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.
    – Nicola Talbot
    Nov 22 at 22:35






  • 7




    @heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.
    – David Carlisle
    Nov 23 at 0:52














  • 1




    Try running pdflatex with the -halt-on-error commandline option.
    – Eric Marsden
    Nov 22 at 17:26






  • 2




    you can't avoid all loops, setup your server so that it times out if necessary.
    – Ulrike Fischer
    Nov 22 at 17:52






  • 5




    It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.
    – davidbak
    Nov 22 at 22:08






  • 4




    You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.
    – Nicola Talbot
    Nov 22 at 22:35






  • 7




    @heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.
    – David Carlisle
    Nov 23 at 0:52








1




1




Try running pdflatex with the -halt-on-error commandline option.
– Eric Marsden
Nov 22 at 17:26




Try running pdflatex with the -halt-on-error commandline option.
– Eric Marsden
Nov 22 at 17:26




2




2




you can't avoid all loops, setup your server so that it times out if necessary.
– Ulrike Fischer
Nov 22 at 17:52




you can't avoid all loops, setup your server so that it times out if necessary.
– Ulrike Fischer
Nov 22 at 17:52




5




5




It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.
– davidbak
Nov 22 at 22:08




It seems, in your comments here and to other answers, that your question has more to do with how to handle a condition where a program you're creating/writing has problems when pdflatex hangs due to invalid input; rather than asking what is wrong with the sample input. If so ... you might want to edit this question and its title appropriately to describe what you're really trying to ask. And it may even be the case that this is more appropriately handled elsewhere on Stack Exchange, for example, at Stack Overflow.
– davidbak
Nov 22 at 22:08




4




4




You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.
– Nicola Talbot
Nov 22 at 22:35




You might be interested in Using module 'subprocess' with timeout to timeout a process called from python. If you're allowing arbitrary unchecked code in your document, I hope you have your TeX installation set up with the highest security settings.
– Nicola Talbot
Nov 22 at 22:35




7




7




@heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.
– David Carlisle
Nov 23 at 0:52




@heral it is provably impossible in any non trivial programming language to avoid or detect all loops. This is the "Turing halting problem", the halt on error suggestion will stop tex if there is an error but it is easy to make tex loop in non-error cases, deffoo{foo}foo for example.
– David Carlisle
Nov 23 at 0:52










4 Answers
4






active

oldest

votes

















up vote
2
down vote



accepted










If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.






share|improve this answer




























    up vote
    15
    down vote













    The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



    documentclass{article}

    begin{document}

    $left. begin{array} { l } { a ) A = { 2 $

    section{Solution}
    ${a: 0}$

    end{document}


    The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



    ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

    See the LaTeX manual or LaTeX Companion for explanation.
    Type H <return> for immediate help.
    ...

    l.12 end{document}

    ?

    ! Improper prevdepth.
    newpage ...everypar {}fi par ifdim prevdepth
    >z@ vskip -ifdim prevd...
    l.12 end{document}


    The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



    If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



    par ->

    par ->

    par ->

    par ->

    par ->


    Solution: don't make silly errors in your input.



    Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



    However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.






    share|improve this answer



















    • 3




      "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.
      – heral
      Nov 22 at 18:02


















    up vote
    5
    down vote













    This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



    As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



    Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



    There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




    • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

    • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


    So make sure you have an up-to-date TeX distribution.



    The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



    The security settings for MikTeX are in the miktex.ini file.



    The main source for concern is the shell escape (write18). There are three modes:




    • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

    • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


      • Certain characters are forbidden (such as ' and ;) to prevent injection.

      • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



    • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


    Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



    The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





    • a: any file allowed (if permitted by the operating system);


    • r: (restricted) hidden dot files not allowed;


    • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


    The default values are:



    openin_any = a
    openout_any = p


    The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



    For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



    If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



    With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



    TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



    Summary:




    • Ensure you have an up-to-date TeX installation.

    • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

    • Run TeX with -no-shell-escape.

    • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

    • Ensure that both openout_any and openin_any are set to p.

    • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.






    share|improve this answer




























      up vote
      4
      down vote













      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



      documentclass{article}
      usepackage{graphicx,lmodern}
      usepackage{draftwatermark}
      usepackage{amsmath}
      usepackage{breqn}
      SetWatermarkText{FAST MATH}
      SetWatermarkScale{2}
      SetWatermarkVerCenter{0.6paperheight}
      SetWatermarkAngle{30}

      begin{document}

      section{Input}
      $ begin{array} { l } a) A = { 2 end{array}$
      section{Solution}
      ${a: 0}$

      end{document}





      share|improve this answer

















      • 3




        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.
        – heral
        Nov 22 at 17:49











      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "85"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftex.stackexchange.com%2fquestions%2f461319%2fpdftex-hang-prevention%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      2
      down vote



      accepted










      If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.






      share|improve this answer

























        up vote
        2
        down vote



        accepted










        If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.






        share|improve this answer























          up vote
          2
          down vote



          accepted







          up vote
          2
          down vote



          accepted






          If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.






          share|improve this answer












          If you run pdflatex with the -halt-on-error commandline option, it won't enter the debugger on error. That is generally much more convenient for "batch mode" use of LaTeX.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 18 hours ago









          Eric Marsden

          64637




          64637






















              up vote
              15
              down vote













              The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



              documentclass{article}

              begin{document}

              $left. begin{array} { l } { a ) A = { 2 $

              section{Solution}
              ${a: 0}$

              end{document}


              The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



              ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

              See the LaTeX manual or LaTeX Companion for explanation.
              Type H <return> for immediate help.
              ...

              l.12 end{document}

              ?

              ! Improper prevdepth.
              newpage ...everypar {}fi par ifdim prevdepth
              >z@ vskip -ifdim prevd...
              l.12 end{document}


              The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



              If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



              par ->

              par ->

              par ->

              par ->

              par ->


              Solution: don't make silly errors in your input.



              Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



              However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.






              share|improve this answer



















              • 3




                "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.
                – heral
                Nov 22 at 18:02















              up vote
              15
              down vote













              The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



              documentclass{article}

              begin{document}

              $left. begin{array} { l } { a ) A = { 2 $

              section{Solution}
              ${a: 0}$

              end{document}


              The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



              ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

              See the LaTeX manual or LaTeX Companion for explanation.
              Type H <return> for immediate help.
              ...

              l.12 end{document}

              ?

              ! Improper prevdepth.
              newpage ...everypar {}fi par ifdim prevdepth
              >z@ vskip -ifdim prevd...
              l.12 end{document}


              The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



              If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



              par ->

              par ->

              par ->

              par ->

              par ->


              Solution: don't make silly errors in your input.



              Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



              However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.






              share|improve this answer



















              • 3




                "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.
                – heral
                Nov 22 at 18:02













              up vote
              15
              down vote










              up vote
              15
              down vote









              The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



              documentclass{article}

              begin{document}

              $left. begin{array} { l } { a ) A = { 2 $

              section{Solution}
              ${a: 0}$

              end{document}


              The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



              ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

              See the LaTeX manual or LaTeX Companion for explanation.
              Type H <return> for immediate help.
              ...

              l.12 end{document}

              ?

              ! Improper prevdepth.
              newpage ...everypar {}fi par ifdim prevdepth
              >z@ vskip -ifdim prevd...
              l.12 end{document}


              The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



              If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



              par ->

              par ->

              par ->

              par ->

              par ->


              Solution: don't make silly errors in your input.



              Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



              However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.






              share|improve this answer














              The issue can be reproduced with a smaller example, showing it has nothing to do with the loaded packages:



              documentclass{article}

              begin{document}

              $left. begin{array} { l } { a ) A = { 2 $

              section{Solution}
              ${a: 0}$

              end{document}


              The errors in the math formula, followed by the section title, make TeX enter an infinite loop announced by



              ! LaTeX Error: begin{array} on input line 7 ended by end{document}.

              See the LaTeX manual or LaTeX Companion for explanation.
              Type H <return> for immediate help.
              ...

              l.12 end{document}

              ?

              ! Improper prevdepth.
              newpage ...everypar {}fi par ifdim prevdepth
              >z@ vskip -ifdim prevd...
              l.12 end{document}


              The missing end{array} causes par to still be defined as “do nothing” like it always is in array. Since the error recovery here is to try doing end{document}, LaTeX tries to finish up the page issuing par, which does nothing.



              If we add tracingmacros=1, after the last error message we see, in the log file after interrupting the program, a string of



              par ->

              par ->

              par ->

              par ->

              par ->


              Solution: don't make silly errors in your input.



              Another solution could be running pdflatex with the option -halt-on-error, which would stop it at the first error.



              However, this is not foolproof. If the user has deffoo{foo} in their preamble, then the first usage of foo in the document would start an infinite loop with no error.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Nov 22 at 19:07

























              answered Nov 22 at 17:59









              egreg

              701k8618683141




              701k8618683141








              • 3




                "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.
                – heral
                Nov 22 at 18:02














              • 3




                "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.
                – heral
                Nov 22 at 18:02








              3




              3




              "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.
              – heral
              Nov 22 at 18:02




              "Solution: don't make silly errors in your input." unfortuntely this is unavoidable as I explained.
              – heral
              Nov 22 at 18:02










              up vote
              5
              down vote













              This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



              As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



              Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



              There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




              • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

              • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


              So make sure you have an up-to-date TeX distribution.



              The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



              The security settings for MikTeX are in the miktex.ini file.



              The main source for concern is the shell escape (write18). There are three modes:




              • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

              • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


                • Certain characters are forbidden (such as ' and ;) to prevent injection.

                • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



              • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


              Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



              The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





              • a: any file allowed (if permitted by the operating system);


              • r: (restricted) hidden dot files not allowed;


              • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


              The default values are:



              openin_any = a
              openout_any = p


              The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



              For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



              If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



              With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



              TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



              Summary:




              • Ensure you have an up-to-date TeX installation.

              • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

              • Run TeX with -no-shell-escape.

              • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

              • Ensure that both openout_any and openin_any are set to p.

              • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.






              share|improve this answer

























                up vote
                5
                down vote













                This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



                As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



                Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



                There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




                • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

                • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


                So make sure you have an up-to-date TeX distribution.



                The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



                The security settings for MikTeX are in the miktex.ini file.



                The main source for concern is the shell escape (write18). There are three modes:




                • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

                • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


                  • Certain characters are forbidden (such as ' and ;) to prevent injection.

                  • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



                • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


                Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



                The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





                • a: any file allowed (if permitted by the operating system);


                • r: (restricted) hidden dot files not allowed;


                • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


                The default values are:



                openin_any = a
                openout_any = p


                The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



                For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



                If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



                With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



                TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



                Summary:




                • Ensure you have an up-to-date TeX installation.

                • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

                • Run TeX with -no-shell-escape.

                • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

                • Ensure that both openout_any and openin_any are set to p.

                • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.






                share|improve this answer























                  up vote
                  5
                  down vote










                  up vote
                  5
                  down vote









                  This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



                  As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



                  Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



                  There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




                  • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

                  • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


                  So make sure you have an up-to-date TeX distribution.



                  The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



                  The security settings for MikTeX are in the miktex.ini file.



                  The main source for concern is the shell escape (write18). There are three modes:




                  • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

                  • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


                    • Certain characters are forbidden (such as ' and ;) to prevent injection.

                    • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



                  • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


                  Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



                  The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





                  • a: any file allowed (if permitted by the operating system);


                  • r: (restricted) hidden dot files not allowed;


                  • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


                  The default values are:



                  openin_any = a
                  openout_any = p


                  The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



                  For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



                  If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



                  With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



                  TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



                  Summary:




                  • Ensure you have an up-to-date TeX installation.

                  • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

                  • Run TeX with -no-shell-escape.

                  • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

                  • Ensure that both openout_any and openin_any are set to p.

                  • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.






                  share|improve this answer












                  This is an answer to the actual problem of running TeX as a subprocess on a document that contains user supplied code that you have no control over (rather than focusing on the particular example you've provided).



                  As already mentioned by others, it's trivially easy to trigger an infinite loop in TeX without generating any errors. Your example shows a plausible user mistake (forgetting the end of an environment) but you also need to guard against a malicious user deliberately triggering an infinite loop.



                  Whenever you have an application or script that spawns a subprocess that has the potential to run indefinitely it's a good idea to include a timeout. Since you're using Python, you might find the answers to Using module 'subprocess' with timeout useful.



                  There are, however, other types of malicious code that you need to consider. There were some significant improvements made in both TeX Live and MikTeX in 2010 to improve security, but there have also been some more recent fixes, such as:




                  • Buffer overflow in texlive-bin allowed arbitrary code execution when a malicious Type 1 font is loaded.

                  • Incorrect handling of certain files in TeX Live on Ubuntu 14.04 LTS


                  So make sure you have an up-to-date TeX distribution.



                  The security settings for TeX Live are in the texmf.cnf configuration file. There are two of these files by default and their locations can be found with kpsewhich -a texmf.cnf. One contains the default settings that shouldn't be modified. The other can be used to override specific settings if required.



                  The security settings for MikTeX are in the miktex.ini file.



                  The main source for concern is the shell escape (write18). There are three modes:




                  • Disabled (shell_escape=f in the texmf.cnf file or use -no-shell-escape when running TeX). This will prevent any systems commands from being called by TeX. This is the most secure mode.

                  • Restricted (shell_escape=p in the texmf.cnf file). This imposes the following restrictions on write18:


                    • Certain characters are forbidden (such as ' and ;) to prevent injection.

                    • Only applications on the trusted list can be run. These are identified in the shell_escape_commands setting in the texmf.cnf file. You can list them with kpsewhich -var-value=shell_escape_commands There are currently eight: bibtex, bibtex8, extractbb, gregorio, kpsewhich, makeindex, repstopdf, texosquery-jre8. These have been evaluated by the TeX Live security team and determined to be safe. (It is, however, possible to still misuse this setting with destructive effect, as I recently demonstrated in the UK TUG meeting.)



                  • Unrestricted (shell_escape=t in the texmf.cnf file or use -shell-escape when running TeX). This allows any system command to be called and is therefore insecure.


                  Another area of concern are the file I/O operations, which are essential to common document build requirements (such as generating table of contents, cross-referencing and indexes) but can be misused. In addition to the operating system's native file permissions, TeX also has settings to determine whether read or write access is allowed.



                  The texmf.cnf file has two settings openin_any and openout_any that may take one of the following values:





                  • a: any file allowed (if permitted by the operating system);


                  • r: (restricted) hidden dot files not allowed;


                  • p: (paranoid) hidden dot files not allowed, and disallow going to parent directories (..) and restrict absolute paths to be under $TEXMFOUTPUT.


                  The default values are:



                  openin_any = a
                  openout_any = p


                  The paranoid setting prevents files from being acessed outside of the current working path (the directory that TeX was called from).



                  For example, suppose you are running TeX on a web server and suppose your home directory on that server is /home/foo and the root for your website is /home/foo/public_html (so, for example, if your website is www.example.com then www.example.com/index.php corresponds to the file /home/foo/public_html/index.php).



                  If you run TeX from your home directory (/home/foo) then, even with the paranoid setting, malicious code added to your document can overwrite public_html/index.php (if it's not protected by the filing system). Your website's home page is now corrupted.



                  With the file read operation, if the user gets to see the generated PDF, they can use malicious TeX code to access information from your system. Suppose you have a script /home/foo/public_html/foobar.php that accesses a database. This could be input verbatim into the document and the database connection information, including the password, can now be read from the PDF.



                  TeX code can be obfuscated so don't rely on using regular expressions to check for certain commands within the user-supplied code.



                  Summary:




                  • Ensure you have an up-to-date TeX installation.

                  • Invoke TeX with a timeout that will automatically kill the process if it goes on too long.

                  • Run TeX with -no-shell-escape.

                  • Run TeX in a safe directory that doesn't have any subdirectories leading to important files.

                  • Ensure that both openout_any and openin_any are set to p.

                  • If you need to view the generated PDF, make sure that your PDF viewer has JavaScript disabled.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 25 at 13:15









                  Nicola Talbot

                  33.6k257104




                  33.6k257104






















                      up vote
                      4
                      down vote













                      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



                      documentclass{article}
                      usepackage{graphicx,lmodern}
                      usepackage{draftwatermark}
                      usepackage{amsmath}
                      usepackage{breqn}
                      SetWatermarkText{FAST MATH}
                      SetWatermarkScale{2}
                      SetWatermarkVerCenter{0.6paperheight}
                      SetWatermarkAngle{30}

                      begin{document}

                      section{Input}
                      $ begin{array} { l } a) A = { 2 end{array}$
                      section{Solution}
                      ${a: 0}$

                      end{document}





                      share|improve this answer

















                      • 3




                        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.
                        – heral
                        Nov 22 at 17:49















                      up vote
                      4
                      down vote













                      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



                      documentclass{article}
                      usepackage{graphicx,lmodern}
                      usepackage{draftwatermark}
                      usepackage{amsmath}
                      usepackage{breqn}
                      SetWatermarkText{FAST MATH}
                      SetWatermarkScale{2}
                      SetWatermarkVerCenter{0.6paperheight}
                      SetWatermarkAngle{30}

                      begin{document}

                      section{Input}
                      $ begin{array} { l } a) A = { 2 end{array}$
                      section{Solution}
                      ${a: 0}$

                      end{document}





                      share|improve this answer

















                      • 3




                        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.
                        – heral
                        Nov 22 at 17:49













                      up vote
                      4
                      down vote










                      up vote
                      4
                      down vote









                      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



                      documentclass{article}
                      usepackage{graphicx,lmodern}
                      usepackage{draftwatermark}
                      usepackage{amsmath}
                      usepackage{breqn}
                      SetWatermarkText{FAST MATH}
                      SetWatermarkScale{2}
                      SetWatermarkVerCenter{0.6paperheight}
                      SetWatermarkAngle{30}

                      begin{document}

                      section{Input}
                      $ begin{array} { l } a) A = { 2 end{array}$
                      section{Solution}
                      ${a: 0}$

                      end{document}





                      share|improve this answer












                      You have unbalanced environments/braces; begin{array} doesn't have end{array} and left. doesn't have right... Also, load breqn after amsmath and add lmodern for preventing missing font sizes substitution.



                      documentclass{article}
                      usepackage{graphicx,lmodern}
                      usepackage{draftwatermark}
                      usepackage{amsmath}
                      usepackage{breqn}
                      SetWatermarkText{FAST MATH}
                      SetWatermarkScale{2}
                      SetWatermarkVerCenter{0.6paperheight}
                      SetWatermarkAngle{30}

                      begin{document}

                      section{Input}
                      $ begin{array} { l } a) A = { 2 end{array}$
                      section{Solution}
                      ${a: 0}$

                      end{document}






                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Nov 22 at 17:36









                      AboAmmar

                      31.5k22781




                      31.5k22781








                      • 3




                        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.
                        – heral
                        Nov 22 at 17:49














                      • 3




                        I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.
                        – heral
                        Nov 22 at 17:49








                      3




                      3




                      I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.
                      – heral
                      Nov 22 at 17:49




                      I know that there is unbalanced expression in the tex file(there may always be, as some part of it user input), what I need is frozen free pdfTex.
                      – heral
                      Nov 22 at 17:49


















                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to TeX - LaTeX Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftex.stackexchange.com%2fquestions%2f461319%2fpdftex-hang-prevention%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      Сан-Квентин

                      Алькесар

                      Josef Freinademetz