From: Ingo Schwarze <schwarze@usta.de>
To: "Anthony J. Bentley" <anthony@anjbe.name>
Cc: tech@mandoc.bsd.lv
Subject: Re: Crash with empty table cell
Date: Mon, 18 Mar 2019 09:03:42 +0100 [thread overview]
Message-ID: <20190318080342.GI29153@athene.usta.de> (raw)
In-Reply-To: <77084.1550037674@desktop.ajb.soy>
Hi Anthony,
Anthony J. Bentley wrote on Tue, Feb 12, 2019 at 11:01:14PM -0700:
> This simplified example from syncthing-bep(7) causes a crash:
>
> .TS
> center;
> |l|l|.
> _
> T{
> A
> T} T{
> B
> T}
> _
> T{
> D
> T} T{
> T}
> _
> .TE
>
> Program received signal SIGSEGV, Segmentation fault.
> strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> 59 movb (%rdi),%al
> (gdb) bt
> #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> #1 0x00000e4f8ac99b7f in tbl_hrule (tp=0xe524e0aae00, spp=0xe51b8c5cd80,
> spn=0xe524a503080, flags=0) at tbl_term.c:671
> #2 0x00000e4f8ac98e8c in term_tbl (tp=0xe524e0aae00, sp=<optimized out>)
> at tbl_term.c:343
> #3 0x00000e4f8ac959c1 in print_man_nodelist (n=0xe519e437000,
> p=<optimized out>, mt=<optimized out>, meta=<optimized out>)
> at man_term.c:989
> #4 terminal_man (arg=0xe524e0aae00, man=0xe521a68a600) at man_term.c:182
> #5 0x00000e4f8ac88f61 in parse (curp=<optimized out>, fd=<optimized out>,
> file=<optimized out>) at main.c:855
> #6 0x00000e4f8ac882c2 in main (argc=0, argv=0x7f7ffffda3b0) at main.c:471
Fixed with the commit below, thanks for reporting!
Ingo
Log Message:
-----------
fix a NULL pointer access on empty tbl(7) data cells
that bentley@ found in syncthing-bep(7)
Modified Files:
--------------
mandoc:
tbl_term.c
Revision Data
-------------
Index: tbl_term.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/tbl_term.c,v
retrieving revision 1.69
retrieving revision 1.70
diff -Ltbl_term.c -Ltbl_term.c -u -p -r1.69 -r1.70
--- tbl_term.c
+++ tbl_term.c
@@ -629,7 +629,8 @@ tbl_hrule(struct termp *tp, const struct
lw = cpp == NULL || cpn == NULL ||
(cpn->pos != TBL_CELL_DOWN &&
- (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
+ (dpn == NULL || dpn->string == NULL ||
+ strcmp(dpn->string, "\\^") != 0))
? hw : 0;
tbl_direct_border(tp, BHORIZ * lw,
col->width + col->spacing / 2);
@@ -675,7 +676,8 @@ tbl_hrule(struct termp *tp, const struct
rw = cpp == NULL || cpn == NULL ||
(cpn->pos != TBL_CELL_DOWN &&
- (dpn == NULL || strcmp(dpn->string, "\\^") != 0))
+ (dpn == NULL || dpn->string == NULL ||
+ strcmp(dpn->string, "\\^") != 0))
? hw : 0;
/* The line crossing at the end of this column. */
--
To unsubscribe send an email to tech+unsubscribe@mandoc.bsd.lv
prev parent reply other threads:[~2019-03-18 8:03 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-13 6:01 Anthony J. Bentley
2019-03-18 8:03 ` Ingo Schwarze [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190318080342.GI29153@athene.usta.de \
--to=schwarze@usta.de \
--cc=anthony@anjbe.name \
--cc=tech@mandoc.bsd.lv \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).