Date: Sat, 28 Jan 2017 19:55:52 +0100
From: Ingo Schwarze
To: Michael Stapelberg
Cc: tech@mdocml.bsd.lv
Subject: Re: Bug: crash in mdoc_bl_pre() in mdoc_html.c:843
Message-ID: <20170128185552.GA25764@athene.usta.de>
Reply-To: tech@mdocml.bsd.lv

Hi Michael,

Thanks for the excellent report. I didn't even need to fire up the debugger to understand what was going on and to fix it.

Yours,
  Ingo

Log Message:
-----------
.Bl -column with zero columns is legal, so don't segfault on it.
Bug introduced in rev. 1.248 triggered for example in gssapi(3), analyzed and reported by Michael .
Simplify the code a bit more while here.

Modified Files:
--------------
mdocml: mdoc_html.c

Revision Data
-------------
Index: mdoc_html.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/mdoc_html.c,v retrieving revision 1.261 retrieving revision 1.262 diff -Lmdoc_html.c -Lmdoc_html.c -u -p -r1.261 -r1.262 --- mdoc_html.c +++ mdoc_html.c @@ -817,18 +817,21 @@ mdoc_it_pre(MDOC_ARGS) static int mdoc_bl_pre(MDOC_ARGS) { + struct mdoc_bl *bl; const char *cattr; - int i; + size_t i; enum htmltag elemtype; + bl = &n->norm->Bl; + if (n->type == ROFFT_BODY) { - if (LIST_column == n->norm->Bl.type) + if (bl->type == LIST_column) print_otag(h, TAG_TBODY, ""); return 1; } if (n->type == ROFFT_HEAD) { - if (LIST_column != n->norm->Bl.type) + if (bl->type != LIST_column || bl->ncols == 0) return 0; /*
@@ -838,14 +841,13 @@ mdoc_bl_pre(MDOC_ARGS) * screen and we want to preserve that behaviour. */ - for (i = 0; i < (int)n->norm->Bl.ncols - 1; i++) - print_otag(h, TAG_COL, "sww", n->norm->Bl.cols[i]); - print_otag(h, TAG_COL, "swW", n->norm->Bl.cols[i]); - + for (i = 0; i < bl->ncols - 1; i++) + print_otag(h, TAG_COL, "sww", bl->cols[i]); + print_otag(h, TAG_COL, "swW", bl->cols[i]); return 0; } - switch (n->norm->Bl.type) { + switch (bl->type) { case LIST_bullet: elemtype = TAG_UL; cattr = "Bl-bullet"; @@ -881,14 +883,12 @@ mdoc_bl_pre(MDOC_ARGS) break; case LIST_tag: cattr = "Bl-tag"; - if (n->norm->Bl.offs) - print_otag(h, TAG_DIV, "cswl", cattr, - n->norm->Bl.offs); - if (n->norm->Bl.width == NULL) + if (bl->offs) + print_otag(h, TAG_DIV, "cswl", cattr, bl->offs); + if (bl->width == NULL) print_otag(h, TAG_DL, "c", cattr); else - print_otag(h, TAG_DL, "cswl", cattr, - n->norm->Bl.width); + print_otag(h, TAG_DL, "cswl", cattr, bl->width); return 1; case LIST_column: elemtype = TAG_TABLE; @@ -898,8 +898,8 @@ mdoc_bl_pre(MDOC_ARGS) abort(); } - if (n->norm->Bl.offs) - print_otag(h, elemtype, "cswl", cattr, n->norm->Bl.offs); + if (bl->offs) + print_otag(h, elemtype, "cswl", cattr, bl->offs); else print_otag(h, elemtype, "c", cattr);
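
Review bot: the `bl->ncols == 0` test added to the `ROFFT_HEAD` branch in the `@@ -817` hunk carries no comment, although it is the only thing keeping the trailing `print_otag(h, TAG_COL, "swW", bl->cols[i])` from reading `cols[0]` of an empty column list. A short comment at the guard saying that zero columns is legal and that the code below relies on `ncols >= 1` would keep a later cleanup from dropping it, and a regression input containing a `.Bl -column` with no column arguments would pin the behaviour.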
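
Review bot: in the `@@ -838` hunk the loop bound `bl->ncols - 1` loses the old `(int)` cast while `i` becomes `size_t`, so if `ncols` is an unsigned type the subtraction wraps to a huge value when `ncols` is 0 and the loop runs off the end of `cols`. That is safe only because of the early return added in the previous hunk; writing the condition as `i + 1 < bl->ncols` would make the loop correct on its own and remove the dependency.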
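
Review bot: the `LIST_tag` case in the `@@ -881` hunk and the final `print_otag` call in the `@@ -898` hunk only swap `n->norm->Bl.` for `bl->` and are unrelated to the crash. Committing that cleanup separately would leave the fix as a small change that is easy to audit and to backport on its own.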