#775348 catdvi: null pointer dereference

Package: catdvi
Source: catdvi
Description: DVI to plain text translator
Submitter: Jakub Wilk
Date: 2015-01-14 14:45:06 UTC
Severity: normal
#775348#3
Date: 2015-01-14 14:41:32 UTC
From:
To:
catdvi crashes on the attached file:

$ catdvi crash.dvi
unknown font encoding `' for family `', reverting to `TEX TEXT'
Glyph does not exist in font
Glyph does not exist in font
Glyph does not exist in font
Glyph does not exist in font
Segmentation fault


gdb says it's a null pointer dereference:

Program received signal SIGSEGV, Segmentation fault.
0x0805075a in font_char_depth (font=0, glyph=0) at fontinfo.c:515
515             de = tfm_tbl[font].char_info[ugly - tfm_tbl[font].bc].depth_index;
(gdb) print tfm_tbl[font].char_info
$2 = (struct char_info_t *) 0x0
(gdb) bt
#0  0x0805075a in font_char_depth (font=0, glyph=0) at fontinfo.c:515
#1  0x0805ba18 in output_glyph (font=0, glyph=0) at readdvi.c:149
#2  0x0805bded in process_file (f=0x8193d08) at readdvi.c:203
#3  0x0804a15b in main (argc=2, argv=0xffffd864) at catdvi.c:251
#4  0xf7e13a63 in __libc_start_main (main=0x80491f0 <main>, argc=2, argv=0xffffd864, init=0x8073d20 <__libc_csu_init>, fini=0x8073d90 <__libc_csu_fini>, rtld_fini=0xf7febc90 <_dl_fini>, stack_end=0xffffd85c) at libc-start.c:287
#5  0x0804a526 in _start ()


This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl

Disclaimer: I don't have spare CPU cycles, so I fuzzed only till the
first crash (which took about 10 seconds). It's likely that extensive
fuzzing would uncover more interesting crashers. I'd encourage catdvi
maintainers to perform fuzzing with AFL on their own. :-)
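The crashing statement at fontinfo.c:515 indexes `tfm_tbl[font].char_info` with `ugly - tfm_tbl[font].bc`, and gdb shows `char_info` is a null pointer for font 0, which matches the earlier warning that no usable font was loaded. The block below is an added example, not catdvi's code and not part of the report: it reconstructs the shape of that lookup with assumed struct and field names (`tfm_t`, `char_info_t`, `bc`, `ec`, `depth_index`, a fixed `MAX_FONTS`) and puts a hardened version beside it that rejects an unloaded font slot and a glyph outside the TFM's `[bc, ec]` range instead of dereferencing. The table contents are constructed test data.

```c
/* Added example: reconstruction of the lookup pattern from the backtrace
 * (fontinfo.c:515). Not catdvi's own code; all names and layouts below are
 * assumptions modelled on the identifiers in the gdb output. */
#include <stddef.h>
#include <stdio.h>

#define MAX_FONTS 4   /* assumed table size for the example */

struct char_info_t {
    unsigned char depth_index;   /* assumed field; the crashing line reads .depth_index */
};

struct tfm_t {
    int bc;                        /* first character code covered by the TFM */
    int ec;                        /* last character code covered by the TFM */
    struct char_info_t *char_info; /* NULL when no TFM was ever loaded for this slot */
};

static struct tfm_t tfm_tbl[MAX_FONTS];

/* Unchecked lookup, the shape of the statement in the backtrace. With
 * char_info == NULL (gdb printed 0x0) this dereferences a null pointer;
 * a glyph outside [bc, ec] would read outside the char_info array. */
int font_char_depth_unchecked(int font, int glyph) {
    return tfm_tbl[font].char_info[glyph - tfm_tbl[font].bc].depth_index;
}

/* Hardened lookup: validate the slot index, the loaded-table pointer and the
 * glyph range before indexing. Returns -1 on any failure so the caller can
 * skip the glyph (as it already does for "Glyph does not exist in font")
 * rather than crash. */
int font_char_depth_checked(int font, int glyph) {
    if (font < 0 || font >= MAX_FONTS)
        return -1;                         /* bad font slot */
    const struct tfm_t *t = &tfm_tbl[font];
    if (t->char_info == NULL)
        return -1;                         /* font never loaded: the crash case */
    if (glyph < t->bc || glyph > t->ec)
        return -1;                         /* outside the TFM's character range */
    return t->char_info[glyph - t->bc].depth_index;
}

/* Constructed sample data: slot 0 is an unloaded font (char_info NULL), as in
 * the report; slot 1 is a loaded font covering codes 32..34. */
static struct char_info_t sample_chars[3] = { {1}, {2}, {3} };

void setup_tables(void) {
    tfm_tbl[0].bc = 0;  tfm_tbl[0].ec = 0;  tfm_tbl[0].char_info = NULL;
    tfm_tbl[1].bc = 32; tfm_tbl[1].ec = 34; tfm_tbl[1].char_info = sample_chars;
}

int main(void) {
    setup_tables();
    /* font_char_depth_unchecked(0, 0) would segfault here, as in the report. */
    printf("font 1 glyph 33 depth=%d\n", font_char_depth_checked(1, 33));
    printf("font 0 glyph 0 depth=%d (unloaded font)\n", font_char_depth_checked(0, 0));
    printf("font 1 glyph 35 depth=%d (out of range)\n", font_char_depth_checked(1, 35));
    return 0;
}
```

The range check matters as much as the null check: a TFM-driven index is attacker-controlled via the DVI file, so a slot whose table is loaded but too small for the requested glyph is the next crash the fuzzer would find once the null dereference is fixed.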