* mandoc 1.14.3 segfault
@ 2017-08-12 10:27 Michael Stapelberg
2017-08-12 10:57 ` Jan Stary
2017-09-06 16:30 ` Ingo Schwarze
0 siblings, 2 replies; 4+ messages in thread
From: Michael Stapelberg @ 2017-08-12 10:27 UTC (permalink / raw)
To: tech
Hey,
I’m running into a segfault with mandoc 1.14.3. Steps to reproduce and full
backtrace follow below. Please let me know if you need anything else, and
thanks in advance for taking a look:
% curl https://manpages.debian.org/stretch/tcpreplay/tcprewrite.1.en.gz | mandoc -Thtml
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 16621    0 16621    0     0  18902      0 --:--:-- --:--:-- --:--:-- 18887
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<style>
table.head, table.foot { width: 100%; }
td.head-rtitle, td.foot-os { text-align: right; }
td.head-vol { text-align: center; }
div.Pp { margin: 1ex 0ex; }
</style>
<title>TCPREWRITE(1)</title>
</head>
<body>
<table class="head">
<tr>
<td class="head-ltitle">TCPREWRITE(1)</td>
<td class="head-vol">Programmer's Manual</td>
<td class="head-rtitle">TCPREWRITE(1)</td>
</tr>
</table>
<div class="manual-text">
<h1 class="Sh" title="Sh" id="NAME"><a class="selflink"
href="#NAME">NAME</a></h1>
tcprewrite - Rewrite the packets in a pcap file.
<h1 class="Sh" title="Sh" id="SYNOPSIS"><a class="selflink"
href="#SYNOPSIS">SYNOPSIS</a></h1>
<b>tcprewrite</b> [<b>-<i>flag</i></b> [<i>value</i>]]...
[<b>--<i>opt-name</i></b> [[=| ]<i>value</i>]]...
<div class="Pp"></div>
All arguments must be options.
<h1 class="Sh" title="Sh" id="DESCRIPTION"><a class="selflink"
href="#DESCRIPTION">DESCRIPTION</a></h1>
This manual page briefly documents the <b>tcprewrite</b> command.
Tcprewrite is
a tool to rewrite packets stored in <i>pcap(3)</i> file format, such as
crated
by tools such as <i>tcpdump(1)</i> and <i>ethereal(1)</i>. Once a pcap
file
has had it's packets rewritten, they can be replayed back out on the
network
using <i>tcpreplay(1)</i>.
<div style="height: 1.00em;"> </div>
tcprewrite currently supports reading the following DLT types:
<div style="height: 1.00em;"> </div>
<b>DLT_C_HDLC</b> aka Cisco HDLC
<div style="height: 1.00em;"> </div>
<b>DLT_EN10MB</b> aka Ethernet
<div style="height: 1.00em;"> </div>
<b>DLT_LINUX_SLL</b> aka Linux Cooked Socket
<div style="height: 1.00em;"> </div>
<b>DLT_RAW</b> aka RAW IP
<div style="height: 1.00em;"> </div>
<b>DLT_NULL</b> aka BSD Loopback
<div style="height: 1.00em;"> </div>
<b>DLT_LOOP</b> aka OpenBSD Loopback
<div style="height: 1.00em;"> </div>
<b>DLT_IEEE802_11</b> aka 802.11a/b/g
<div style="height: 1.00em;"> </div>
<b>DLT_IEEE802_11_RADIO</b> aka 802.11a/b/g with Radiotap headers
<div style="height: 1.00em;"> </div>
Please see the --dlt option for supported DLT types for writing.
<div style="height: 1.00em;"> </div>
The packet editing features of tcprewrite which distinguish between
"client" and "server" traffic requires a tcpprep(1)
cache
file.
<div style="height: 1.00em;"> </div>
For more details, please see the Tcpreplay Manual at:
http://tcpreplay.synfin.net/trac/wiki/manual
<h1 class="Sh" title="Sh" id="OPTIONS"><a class="selflink"
href="#OPTIONS">OPTIONS</a></h1>
zsh: done                              curl https://manpages.debian.org/stretch/tcpreplay/tcprewrite.1.en.gz |
zsh: segmentation fault (core dumped)  mandoc -Thtml
% gdb =mandoc core
Reading symbols from /usr/bin/mandoc...Reading symbols from /usr/lib/debug/.build-id/05/d31ff6a59b9781107cf5670079cfec1af6cada.debug...done.
done.
[New LWP 26130]
Core was generated by `mandoc -Thtml'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000559dfe7fd32c in html_make_id (n=<optimized out>) at html.c:256
256 for (cp = buf; *cp != '\0'; cp++)
gdb $ backtrace full
#0 0x0000559dfe7fd32c in html_make_id (n=<optimized out>) at html.c:256
nch = <optimized out>
buf = 0x0
cp = 0x0
#1 0x0000559dfe7ff751 in man_SS_pre (man=<optimized out>, n=<optimized out>, h=0x559dff5d08a0) at man_html.c:492
id = <optimized out>
man = <optimized out>
h = 0x559dff5d08a0
n = <optimized out>
#2 0x0000559dfe7ff0f4 in print_man_node (man=0x559dff5d0750, n=0x559dff5ea490, h=0x559dff5d08a0) at man_html.c:316
want_fillmode = 385
save_fillmode = 0
t = 0x559dff5d4d50
child = 1
__PRETTY_FUNCTION__ = "print_man_node"
#3 0x0000559dfe7ff256 in print_man_nodelist (h=<optimized out>, n=0x559dff5ea490, man=<optimized out>) at man_html.c:180
No locals.
#4 print_man_node (man=0x559dff5d0750, n=0x559dff5ea3f0, h=0x559dff5d08a0) at man_html.c:326
want_fillmode = 385
save_fillmode = 0
t = 0x559dff5d4d50
child = <optimized out>
__PRETTY_FUNCTION__ = "print_man_node"
#5 0x0000559dfe7ff256 in print_man_nodelist (h=<optimized out>, n=0x559dff5ea3f0, man=<optimized out>) at man_html.c:180
No locals.
#6 print_man_node (man=0x559dff5d0750, n=0x559dff5ea350, h=0x559dff5d08a0) at man_html.c:326
want_fillmode = 385
save_fillmode = 0
t = 0x559dff5d4d50
child = <optimized out>
__PRETTY_FUNCTION__ = "print_man_node"
#7 0x0000559dfe7ff256 in print_man_nodelist (h=<optimized out>, n=0x559dff5ea350, man=<optimized out>) at man_html.c:180
No locals.
#8 print_man_node (man=0x559dff5d0750, n=0x559dff5ea150, h=0x559dff5d08a0) at man_html.c:326
want_fillmode = 385
save_fillmode = 0
t = 0x559dff5d4d50
child = <optimized out>
__PRETTY_FUNCTION__ = "print_man_node"
#9 0x0000559dfe7ffade in print_man_nodelist (h=0x559dff5d08a0, n=0x559dff5ea150, man=0x559dff5d0750) at man_html.c:180
No locals.
#10 html_man (arg=0x559dff5d08a0, man=0x559dff5d0750) at man_html.c:157
h = 0x559dff5d08a0
t = 0x559dff5d4d50
#11 0x0000559dfe816f1e in parse (curp=0x7ffde46ce240, fd=0, file=0x559dfe8393e1 "<stdin>") at main.c:801
rctmp = MANDOCLEVEL_OK
man = 0x559dff5d0750
__PRETTY_FUNCTION__ = "parse"
#12 0x0000559dfe7fc1a8 in main (argc=<optimized out>, argv=<optimized out>) at main.c:466
conf = {
output = {
includes = 0x0,
man = 0x0,
paper = 0x0,
style = 0x0,
indent = 0,
width = 0,
fragment = 0,
mdoc = 0,
synopsisonly = 0,
noval = 0
},
manpath = {
paths = 0x0,
sz = 0
}
}
search = {
arch = 0x0,
sec = 0x0,
outkey = 0x559dfe836fc0 "Nd",
argmode = ARG_FILE,
firstmatch = 0
}
curp = {
mp = 0x559dff5d0020,
outopts = 0x7ffde46ce270,
outdata = 0x559dff5d08a0,
os_s = 0x0,
wstop = 0,
mmin = MANDOCERR_MAX,
os_e = MANDOC_OS_OTHER,
outtype = OUTT_HTML
}
tag_files = 0x0
res = 0x0
resp = <optimized out>
progname = <optimized out>
sec = <optimized out>
thisarg = <optimized out>
conf_file = 0x0
defpaths = 0x0
auxpaths = 0x0
oarg = <optimized out>
uc = <optimized out>
i = <optimized out>
sz = 0
prio = <optimized out>
best_prio = <optimized out>
outmode = <optimized out>
fd = <optimized out>
show_usage = 0
options = <optimized out>
use_pager = <optimized out>
status = 0
signum = <optimized out>
c = <optimized out>
pager_pid = <optimized out>
tc_pgid = <optimized out>
man_pgid = <optimized out>
pid = <optimized out>
--
Best regards,
Michael
* Re: mandoc 1.14.3 segfault
2017-08-12 10:27 mandoc 1.14.3 segfault Michael Stapelberg
@ 2017-08-12 10:57 ` Jan Stary
2017-08-29 7:04 ` Michael Stapelberg
2017-09-06 16:30 ` Ingo Schwarze
1 sibling, 1 reply; 4+ messages in thread
From: Jan Stary @ 2017-08-12 10:57 UTC (permalink / raw)
To: tech
On Aug 12 12:27:32, stapelberg@debian.org wrote:
> I’m running into a segfault with mandoc 1.14.3. Steps to reproduce and full
> backtrace follow below. Please let me know if you need anything else, and
> thanks in advance for taking a look:
>
> % curl https://manpages.debian.org/stretch/tcpreplay/tcprewrite.1.en.gz |
> mandoc -Thtml
The curl pipe apparently has nothing to do with it,
I can reproduce the segfault locally with
mandoc -Thtml tcprewrite.1.en.gz
Note that the gzip file is not a gzip file.
--
To unsubscribe send an email to tech+unsubscribe@mandoc.bsd.lv
* Re: mandoc 1.14.3 segfault
2017-08-12 10:57 ` Jan Stary
@ 2017-08-29 7:04 ` Michael Stapelberg
0 siblings, 0 replies; 4+ messages in thread
From: Michael Stapelberg @ 2017-08-29 7:04 UTC (permalink / raw)
To: tech
Any news on this issue? This is blocking upgrading manpages.debian.org
to the new mandoc release.
On Sat, Aug 12, 2017 at 12:57 PM, Jan Stary <hans@stare.cz> wrote:
> On Aug 12 12:27:32, stapelberg@debian.org wrote:
>> I’m running into a segfault with mandoc 1.14.3. Steps to reproduce and full
>> backtrace follow below. Please let me know if you need anything else, and
>> thanks in advance for taking a look:
>>
>> % curl https://manpages.debian.org/stretch/tcpreplay/tcprewrite.1.en.gz |
>> mandoc -Thtml
>
> The curl pipe apparently has nothing to do with it,
> I can reproduce the segfault locally with
>
> mandoc -Thtml tcprewrite.1.en.gz
>
> Note that the gzip file is not a gzip file.
> --
> To unsubscribe send an email to tech+unsubscribe@mandoc.bsd.lv
>
--
Best regards,
Michael
* Re: mandoc 1.14.3 segfault
2017-08-12 10:27 mandoc 1.14.3 segfault Michael Stapelberg
2017-08-12 10:57 ` Jan Stary
@ 2017-09-06 16:30 ` Ingo Schwarze
1 sibling, 0 replies; 4+ messages in thread
From: Ingo Schwarze @ 2017-09-06 16:30 UTC (permalink / raw)
To: Michael Stapelberg; +Cc: tech
Hi Michael,
Michael Stapelberg wrote on Sat, Aug 12, 2017 at 12:27:32PM +0200:
> I'm running into a segfault with mandoc 1.14.3.
Sorry for the delay, i got distracted by xlocale support in our libc.
I just committed the patch below.
Given that
.SS ""
is quite exotic (and nonsensical), i consider the issue minor
and not requiring an emergency release.
Thanks for both the report and the reminder!
Yours,
Ingo
Log Message:
-----------
fix a NULL pointer access on deroff() failure;
could be triggered with '.SS ""';
reported by Michael <Stapelberg at debian>
Modified Files:
--------------
mandoc:
html.c
Revision Data
-------------
Index: html.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/html.c,v
retrieving revision 1.219
retrieving revision 1.220
diff -Lhtml.c -Lhtml.c -u -p -r1.219 -r1.220
--- html.c
+++ html.c
@@ -250,6 +250,8 @@ html_make_id(const struct roff_node *n)
buf = NULL;
deroff(&buf, n);
+ if (buf == NULL)
+ return NULL;
/* http://www.w3.org/TR/html5/dom.html#the-id-attribute */
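Review bot: the early return added after deroff(&buf, n) means html_make_id() can now hand NULL back to its callers, and this diff touches only html.c, so no caller is visibly updated. The backtrace in the report shows man_SS_pre() (man_html.c:492) keeping the result in a local named id; every caller of that kind has to treat a NULL id as "no id attribute" and must not format or dereference it. A one-line comment above the check saying that deroff() leaves buf NULL for an empty argument such as '.SS ""', together with a regression test using that input, would document why the check exists.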
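The failure pattern from this thread, reduced to stand-alone C (an added example, not mandoc's code): collect_text() is a hypothetical stand-in for deroff() that leaves its out-parameter NULL when a heading has no text, make_id() applies the check from the patch, and render_heading() shows a caller coping with a NULL id. The struct, the function names, the space-to-underscore step and the HTML written are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a heading node; not mandoc's struct roff_node. */
struct node { const char *const *words; };	/* NULL-terminated argument list */
/* Constructed inputs: '.SS "SEE ALSO"' and the crashing '.SS ""'. */
static const char *const w_ok[] = { "SEE", "ALSO", NULL };
static const char *const w_empty[] = { "", NULL };
const struct node ss_ok = { w_ok }, ss_empty = { w_empty };

/* Stand-in for deroff(): appends text to *dest, leaves it NULL if there is none. */
static void collect_text(char **dest, const struct node *n)
{
	for (size_t i = 0; n->words[i] != NULL; i++) {
		size_t len = *dest == NULL ? 0 : strlen(*dest);
		if (n->words[i][0] == '\0')
			continue;	/* an empty argument adds no text */
		if ((*dest = realloc(*dest, len + strlen(n->words[i]) + 2)) == NULL)
			abort();
		if (len > 0)
			(*dest)[len++] = ' ';
		strcpy(*dest + len, n->words[i]);
	}
}

char *make_id(const struct node *n)
{
	char *buf = NULL, *cp;

	collect_text(&buf, n);
	if (buf == NULL)	/* the check the patch adds; without it *cp reads address 0 */
		return NULL;
	for (cp = buf; *cp != '\0'; cp++)
		if (*cp == ' ')
			*cp = '_';	/* assumed normalization for the id attribute */
	return buf;
}

/* Caller: a NULL id means the heading is written without an id attribute. */
int render_heading(char *out, size_t outsz, const struct node *n)
{
	char *id = make_id(n);
	int rc = id == NULL ? snprintf(out, outsz, "<h2 class=\"Ss\">") :
	    snprintf(out, outsz, "<h2 class=\"Ss\" id=\"%s\">", id);

	free(id);	/* free(NULL) is a no-op, so no second check is needed */
	return rc;
}
```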