discuss@mandoc.bsd.lv
 help / color / Atom feed
* Segmentation fault on some man pages
@ 2019-11-30 19:39 Milan P. Stanić
  2019-12-02 21:05 ` Ingo Schwarze
  0 siblings, 1 reply; 3+ messages in thread
From: Milan P. Stanić @ 2019-11-30 19:39 UTC (permalink / raw)
  To: discuss


[-- Attachment #1: Type: text/plain, Size: 906 bytes --]

Hello,

Sorry if this is not right list to post bug report but I can't find
where to post it.

On Alpine linux (musl libc) we discovered 'Segmentation fault' when
running 'man nft' (nftables man page).

We have mandoc (named mdocml=1.14.5-r0 in our distribution) and it works
fine, except this for 'nft' man page.

This is excerpt from 'ltrace man nft':
putwchar(9472, 9472, 0x7fe813c0bbab, 0)
strcmp(nil, "\\^" <no return ...>
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

I looked in source and found problem in tbl_term.c file.
I made crude hack by removing few lines in tbl_term.c and build mandoc
again and with these changes it works without (visible to me) problem
for man pages I tried and for nft man page.

I'm attaching patch I made, but I think it is not proper fix and hope
that some of you experienced in this will make proper fix.
File I'm attaching is just hint.

-- 
Tia

[-- Attachment #2: fix-tbl_term.patch --]
[-- Type: text/x-diff, Size: 757 bytes --]

--- a/tbl_term.c	2019-03-10 10:56:43.000000000 +0100
+++ b/tbl_term.c	2019-11-30 14:38:12.918969863 +0100
@@ -625,8 +626,7 @@
 		/* Print the horizontal line inside this column. */
 
 		lw = cpp == NULL || cpn == NULL ||
-		    (cpn->pos != TBL_CELL_DOWN &&
-		     (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
+		    cpn->pos != TBL_CELL_DOWN
 		    ? hw : 0;
 		tbl_direct_border(tp, BHORIZ * lw,
 		    col->width + col->spacing / 2);
@@ -669,8 +669,7 @@
 		/* The horizontal line inside the next column. */
 
 		rw = cpp == NULL || cpn == NULL ||
-		    (cpn->pos != TBL_CELL_DOWN &&
-		     (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
+		    cpn->pos != TBL_CELL_DOWN
 		    ? hw : 0;
 
 		/* The line crossing at the end of this column. */

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Segmentation fault on some man pages
  2019-11-30 19:39 Segmentation fault on some man pages Milan P. Stanić
@ 2019-12-02 21:05 ` Ingo Schwarze
  2019-12-02 22:14   ` Milan P. Stanić
  0 siblings, 1 reply; 3+ messages in thread
From: Ingo Schwarze @ 2019-12-02 21:05 UTC (permalink / raw)
  To: Milan P. Stanić; +Cc: discuss

Hello Milan,

Milan P. Stanic wrote on Sat, Nov 30, 2019 at 08:39:26PM +0100:

> Sorry if this is not right list to post bug report

discuss@, tech@, or devel@ are all fine for bug reports.

 - discuss@ is best when you think that many people may be affected
   and/or if it feels important or serious
 - tech@ is better for minor quirks that fewer people are likely
   to be interested in
 - devel@ provides as choice to report a bug privately if you
   prefer that for whatever reason

> but I can't find where to post it.

https://mandoc.bsd.lv/contact.html

> On Alpine linux (musl libc) we discovered 'Segmentation fault' when
> running 'man nft' (nftables man page).

Thanks for reporting.

> We have mandoc (named mdocml=1.14.5-r0 in our distribution) and it works
> fine, except this for 'nft' man page.
> 
> This is excerpt from 'ltrace man nft':
> putwchar(9472, 9472, 0x7fe813c0bbab, 0)
> strcmp(nil, "\\^" <no return ...>
> --- SIGSEGV (Segmentation fault) ---
> +++ killed by SIGSEGV +++

I tried to reporduce with the input file

  https://manpages.debian.org/testing/nftables/nft.8.en.gz

but mandoc-current on OpenBSD-current does not crash.
Is that the exact version of the input file nft.8 that you are using?
If not, could you send a copy of the nft.8 that crashes for you
to me directly (not needed on the list)?

> I looked in source and found problem in tbl_term.c file.
> I made crude hack by removing few lines in tbl_term.c and build mandoc
> again and with these changes it works without (visible to me) problem
> for man pages I tried and for nft man page.
> 
> I'm attaching patch I made, but I think it is not proper fix and hope
> that some of you experienced in this will make proper fix.
> File I'm attaching is just hint.

Hmmm...  The code in mandoc-current does not match the code
on the "-"-lines of your patch below.  Mandoc-current contains:

	/* Print the horizontal line inside this column. */

	lw = cpp == NULL || cpn == NULL ||
	    (cpn->pos != TBL_CELL_DOWN &&
	     (dpn == NULL || dpn->string == NULL ||
	      strcmp(dpn->string, "\\^") != 0))
	    ? hw : 0;
[...]
	/* The horizontal line inside the next column. */

	rw = cpp == NULL || cpn == NULL ||
	    (cpn->pos != TBL_CELL_DOWN &&
	     (dpn == NULL || dpn->string == NULL ||
	      strcmp(dpn->string, "\\^") != 0))
	    ? hw : 0;

I suspect the following commit might already have fixed your problem
about eight months ago:

  https://cvsweb.bsd.lv/mandoc/tbl_term.c#rev1.70
  https://cvsweb.bsd.lv/mandoc/tbl_term.c.diff?r1=1.69&r2=1.70

Does that fix the issue for you?

If so, consider adding a combined patch containing
rev.s 1.70 and 1.71 to your port until i roll a new release:

  https://cvsweb.bsd.lv/mandoc/tbl_term.c.diff?r1=1.69&r2=1.71

Yours,
  Ingo


> --- a/tbl_term.c	2019-03-10 10:56:43.000000000 +0100
> +++ b/tbl_term.c	2019-11-30 14:38:12.918969863 +0100
> @@ -625,8 +626,7 @@
>  		/* Print the horizontal line inside this column. */
>  
>  		lw = cpp == NULL || cpn == NULL ||
> -		    (cpn->pos != TBL_CELL_DOWN &&
> -		     (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
> +		    cpn->pos != TBL_CELL_DOWN
>  		    ? hw : 0;
>  		tbl_direct_border(tp, BHORIZ * lw,
>  		    col->width + col->spacing / 2);
> @@ -669,8 +669,7 @@
>  		/* The horizontal line inside the next column. */
>  
>  		rw = cpp == NULL || cpn == NULL ||
> -		    (cpn->pos != TBL_CELL_DOWN &&
> -		     (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
> +		    cpn->pos != TBL_CELL_DOWN
>  		    ? hw : 0;
>  
>  		/* The line crossing at the end of this column. */
--
 To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Segmentation fault on some man pages
  2019-12-02 21:05 ` Ingo Schwarze
@ 2019-12-02 22:14   ` Milan P. Stanić
  0 siblings, 0 replies; 3+ messages in thread
From: Milan P. Stanić @ 2019-12-02 22:14 UTC (permalink / raw)
  To: discuss

Hello Ingo,

On Mon, 2019-12-02 at 22:05, Ingo Schwarze wrote:
> Hello Milan,
> 
> Milan P. Stanic wrote on Sat, Nov 30, 2019 at 08:39:26PM +0100:
> 
> > Sorry if this is not right list to post bug report
> 
> discuss@, tech@, or devel@ are all fine for bug reports.
> 
>  - discuss@ is best when you think that many people may be affected
>    and/or if it feels important or serious
>  - tech@ is better for minor quirks that fewer people are likely
>    to be interested in
>  - devel@ provides as choice to report a bug privately if you
>    prefer that for whatever reason
> 
> > but I can't find where to post it.
> 
> https://mandoc.bsd.lv/contact.html

Yes, I found this link and subscribed to discuss@

> > On Alpine linux (musl libc) we discovered 'Segmentation fault' when
> > running 'man nft' (nftables man page).
> 
> Thanks for reporting.
> 
> > We have mandoc (named mdocml=1.14.5-r0 in our distribution) and it works
                                 ^^^^^^
In Alpine linux we are using version 1.14.5 of mandoc/mdocml, which are
latest stable version, I think.

> > fine, except this for 'nft' man page.
> > 
> > This is excerpt from 'ltrace man nft':
> > putwchar(9472, 9472, 0x7fe813c0bbab, 0)
> > strcmp(nil, "\\^" <no return ...>
> > --- SIGSEGV (Segmentation fault) ---
> > +++ killed by SIGSEGV +++
> 
> I tried to reporduce with the input file
> 
>   https://manpages.debian.org/testing/nftables/nft.8.en.gz
> 
> but mandoc-current on OpenBSD-current does not crash.
> Is that the exact version of the input file nft.8 that you are using?
> If not, could you send a copy of the nft.8 that crashes for you
> to me directly (not needed on the list)?

Of course, I will post it to your mail address to not fill mailing list
unnecessary.

> > I looked in source and found problem in tbl_term.c file.
> > I made crude hack by removing few lines in tbl_term.c and build mandoc
> > again and with these changes it works without (visible to me) problem
> > for man pages I tried and for nft man page.
> > 
> > I'm attaching patch I made, but I think it is not proper fix and hope
> > that some of you experienced in this will make proper fix.
> > File I'm attaching is just hint.
> 
> Hmmm...  The code in mandoc-current does not match the code
> on the "-"-lines of your patch below.  Mandoc-current contains:
> 
> 	/* Print the horizontal line inside this column. */
> 
> 	lw = cpp == NULL || cpn == NULL ||
> 	    (cpn->pos != TBL_CELL_DOWN &&
> 	     (dpn == NULL || dpn->string == NULL ||
> 	      strcmp(dpn->string, "\\^") != 0))
> 	    ? hw : 0;
> [...]
> 	/* The horizontal line inside the next column. */
> 
> 	rw = cpp == NULL || cpn == NULL ||
> 	    (cpn->pos != TBL_CELL_DOWN &&
> 	     (dpn == NULL || dpn->string == NULL ||
> 	      strcmp(dpn->string, "\\^") != 0))
> 	    ? hw : 0;
> 
> I suspect the following commit might already have fixed your problem
> about eight months ago:
> 
>   https://cvsweb.bsd.lv/mandoc/tbl_term.c#rev1.70
>   https://cvsweb.bsd.lv/mandoc/tbl_term.c.diff?r1=1.69&r2=1.70

I found patch in Void linux source packages
https://github.com/void-linux/void-packages/blob/master/srcpkgs/mdocml/patches/fix-tbl-NULL-pointer-dereference.patch
which looks like it is taken from your link above
https://cvsweb.bsd.lv/mandoc/tbl_term.c.diff?r1=1.69&r2=1.70


> Does that fix the issue for you?

Yes, this patch fixes segmentation fault on Alpine.

> If so, consider adding a combined patch containing
> rev.s 1.70 and 1.71 to your port until i roll a new release:
> 
>   https://cvsweb.bsd.lv/mandoc/tbl_term.c.diff?r1=1.69&r2=1.71

Will try and see if it works.

Thank you for help

-- 
Best regards
 
> Yours,
>   Ingo
> 
> 
> > --- a/tbl_term.c	2019-03-10 10:56:43.000000000 +0100
> > +++ b/tbl_term.c	2019-11-30 14:38:12.918969863 +0100
> > @@ -625,8 +626,7 @@
> >  		/* Print the horizontal line inside this column. */
> >  
> >  		lw = cpp == NULL || cpn == NULL ||
> > -		    (cpn->pos != TBL_CELL_DOWN &&
> > -		     (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
> > +		    cpn->pos != TBL_CELL_DOWN
> >  		    ? hw : 0;
> >  		tbl_direct_border(tp, BHORIZ * lw,
> >  		    col->width + col->spacing / 2);
> > @@ -669,8 +669,7 @@
> >  		/* The horizontal line inside the next column. */
> >  
> >  		rw = cpp == NULL || cpn == NULL ||
> > -		    (cpn->pos != TBL_CELL_DOWN &&
> > -		     (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
> > +		    cpn->pos != TBL_CELL_DOWN
> >  		    ? hw : 0;
> >  
> >  		/* The line crossing at the end of this column. */
> --
>  To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
> 
--
 To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-30 19:39 Segmentation fault on some man pages Milan P. Stanić
2019-12-02 21:05 ` Ingo Schwarze
2019-12-02 22:14   ` Milan P. Stanić

discuss@mandoc.bsd.lv

Archives are clonable: git clone --mirror http://inbox.vuxu.org/mandoc-discuss

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.mandoc.discuss


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git