From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from fx.arvanta.net (static-213-198-238-194.adsl.eunet.rs [213.198.238.194])
	by mandoc.bsd.lv (OpenSMTPD) with ESMTP id bc5edfb4
	for <discuss@mandoc.bsd.lv>;
	Mon, 2 Dec 2019 17:14:29 -0500 (EST)
Received: from arya.arvanta.net (arya.arvanta.net [10.5.1.6])
	by fx.arvanta.net (Postfix) with ESMTP id 9C1D025EE5
	for <discuss@mandoc.bsd.lv>; Mon,  2 Dec 2019 23:14:27 +0100 (CET)
Date: Mon, 2 Dec 2019 23:14:27 +0100
From: Milan =?utf-8?Q?P=2E_Stani=C4=87?= <mps@arvanta.net>
To: discuss@mandoc.bsd.lv
Subject: Re: Segmentation fault on some man pages
Message-ID: <20191202221427.GA17513@arya.arvanta.net>
References: <20191130193926.GA23904@arya.arvanta.net>
 <20191202210500.GA91782@athene.usta.de>
X-Mailinglist: mandoc-discuss
Reply-To: discuss@mandoc.bsd.lv
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20191202210500.GA91782@athene.usta.de>

Hello Ingo,

On Mon, 2019-12-02 at 22:05, Ingo Schwarze wrote:
> Hello Milan,
> 
> Milan P. Stanic wrote on Sat, Nov 30, 2019 at 08:39:26PM +0100:
> 
> > Sorry if this is not right list to post bug report
> 
> discuss@, tech@, or devel@ are all fine for bug reports.
> 
>  - discuss@ is best when you think that many people may be affected
>    and/or if it feels important or serious
>  - tech@ is better for minor quirks that fewer people are likely
>    to be interested in
>  - devel@ provides as choice to report a bug privately if you
>    prefer that for whatever reason
> 
> > but I can't find where to post it.
> 
> https://mandoc.bsd.lv/contact.html

Yes, I found this link and subscribed to discuss@

> > On Alpine linux (musl libc) we discovered 'Segmentation fault' when
> > running 'man nft' (nftables man page).
> 
> Thanks for reporting.
> 
> > We have mandoc (named mdocml=1.14.5-r0 in our distribution) and it works
                                 ^^^^^^
In Alpine linux we are using version 1.14.5 of mandoc/mdocml, which are
latest stable version, I think.

> > fine, except this for 'nft' man page.
> > 
> > This is excerpt from 'ltrace man nft':
> > putwchar(9472, 9472, 0x7fe813c0bbab, 0)
> > strcmp(nil, "\\^" <no return ...>
> > --- SIGSEGV (Segmentation fault) ---
> > +++ killed by SIGSEGV +++
> 
> I tried to reporduce with the input file
> 
>   https://manpages.debian.org/testing/nftables/nft.8.en.gz
> 
> but mandoc-current on OpenBSD-current does not crash.
> Is that the exact version of the input file nft.8 that you are using?
> If not, could you send a copy of the nft.8 that crashes for you
> to me directly (not needed on the list)?

Of course, I will post it to your mail address to not fill mailing list
unnecessary.

> > I looked in source and found problem in tbl_term.c file.
> > I made crude hack by removing few lines in tbl_term.c and build mandoc
> > again and with these changes it works without (visible to me) problem
> > for man pages I tried and for nft man page.
> > 
> > I'm attaching patch I made, but I think it is not proper fix and hope
> > that some of you experienced in this will make proper fix.
> > File I'm attaching is just hint.
> 
> Hmmm...  The code in mandoc-current does not match the code
> on the "-"-lines of your patch below.  Mandoc-current contains:
> 
> 	/* Print the horizontal line inside this column. */
> 
> 	lw = cpp == NULL || cpn == NULL ||
> 	    (cpn->pos != TBL_CELL_DOWN &&
> 	     (dpn == NULL || dpn->string == NULL ||
> 	      strcmp(dpn->string, "\\^") != 0))
> 	    ? hw : 0;
> [...]
> 	/* The horizontal line inside the next column. */
> 
> 	rw = cpp == NULL || cpn == NULL ||
> 	    (cpn->pos != TBL_CELL_DOWN &&
> 	     (dpn == NULL || dpn->string == NULL ||
> 	      strcmp(dpn->string, "\\^") != 0))
> 	    ? hw : 0;
> 
> I suspect the following commit might already have fixed your problem
> about eight months ago:
> 
>   https://cvsweb.bsd.lv/mandoc/tbl_term.c#rev1.70
>   https://cvsweb.bsd.lv/mandoc/tbl_term.c.diff?r1=1.69&r2=1.70

I found patch in Void linux source packages
https://github.com/void-linux/void-packages/blob/master/srcpkgs/mdocml/patches/fix-tbl-NULL-pointer-dereference.patch
which looks like it is taken from your link above
https://cvsweb.bsd.lv/mandoc/tbl_term.c.diff?r1=1.69&r2=1.70


> Does that fix the issue for you?

Yes, this patch fixes segmentation fault on Alpine.

> If so, consider adding a combined patch containing
> rev.s 1.70 and 1.71 to your port until i roll a new release:
> 
>   https://cvsweb.bsd.lv/mandoc/tbl_term.c.diff?r1=1.69&r2=1.71

Will try and see if it works.

Thank you for help

-- 
Best regards
 
> Yours,
>   Ingo
> 
> 
> > --- a/tbl_term.c	2019-03-10 10:56:43.000000000 +0100
> > +++ b/tbl_term.c	2019-11-30 14:38:12.918969863 +0100
> > @@ -625,8 +626,7 @@
> >  		/* Print the horizontal line inside this column. */
> >  
> >  		lw = cpp == NULL || cpn == NULL ||
> > -		    (cpn->pos != TBL_CELL_DOWN &&
> > -		     (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
> > +		    cpn->pos != TBL_CELL_DOWN
> >  		    ? hw : 0;
> >  		tbl_direct_border(tp, BHORIZ * lw,
> >  		    col->width + col->spacing / 2);
> > @@ -669,8 +669,7 @@
> >  		/* The horizontal line inside the next column. */
> >  
> >  		rw = cpp == NULL || cpn == NULL ||
> > -		    (cpn->pos != TBL_CELL_DOWN &&
> > -		     (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
> > +		    cpn->pos != TBL_CELL_DOWN
> >  		    ? hw : 0;
> >  
> >  		/* The line crossing at the end of this column. */
> --
>  To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv
> 
--
 To unsubscribe send an email to discuss+unsubscribe@mandoc.bsd.lv