From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 18 Mar 2019 09:03:42 +0100
From: Ingo Schwarze
To: "Anthony J. Bentley"
Cc: tech@mandoc.bsd.lv
Subject: Re: Crash with empty table cell
Message-ID: <20190318080342.GI29153@athene.usta.de>
References: <77084.1550037674@desktop.ajb.soy>
X-Mailinglist: mandoc-tech
Reply-To: tech@mandoc.bsd.lv
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <77084.1550037674@desktop.ajb.soy>
User-Agent: Mutt/1.8.0 (2017-02-23)

Hi Anthony,

Anthony J. Bentley wrote on Tue, Feb 12, 2019 at 11:01:14PM -0700:
> This simplified example from syncthing-bep(7) causes a crash:
>
> .TS
> center;
> |l|l|.
> _
> T{
> A
> T} T{
> B
> T}
> _
> T{
> D
> T} T{
> T}
> _
> .TE
>
> Program received signal SIGSEGV, Segmentation fault.
> strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> 59 movb (%rdi),%al
> (gdb) bt
> #0 strcmp () at /usr/src/lib/libc/arch/amd64/string/strcmp.S:59
> #1 0x00000e4f8ac99b7f in tbl_hrule (tp=0xe524e0aae00, spp=0xe51b8c5cd80,
> spn=0xe524a503080, flags=0) at tbl_term.c:671
> #2 0x00000e4f8ac98e8c in term_tbl (tp=0xe524e0aae00, sp=)
> at tbl_term.c:343
> #3 0x00000e4f8ac959c1 in print_man_nodelist (n=0xe519e437000,
> p=, mt=, meta=)
> at man_term.c:989
> #4 terminal_man (arg=0xe524e0aae00, man=0xe521a68a600) at man_term.c:182
> #5 0x00000e4f8ac88f61 in parse (curp=, fd=,
> file=) at main.c:855
> #6 0x00000e4f8ac882c2 in main (argc=0, argv=0x7f7ffffda3b0) at main.c:471

Fixed with the commit below, thanks for reporting!
Ingo

Log Message:
-----------
fix a NULL pointer access on empty tbl(7) data cells that bentley@ found in syncthing-bep(7)

Modified Files:
--------------
mandoc: tbl_term.c

Revision Data
-------------
Index: tbl_term.c =================================================================== RCS file: /home/cvs/mandoc/mandoc/tbl_term.c,v retrieving revision 1.69 retrieving revision 1.70 diff -Ltbl_term.c -Ltbl_term.c -u -p -r1.69 -r1.70 --- tbl_term.c +++ tbl_term.c
@@ -629,7 +629,8 @@ tbl_hrule(struct termp *tp, const struct lw = cpp == NULL || cpn == NULL || (cpn->pos != TBL_CELL_DOWN && - (dpn == NULL || strcmp(dpn->string, "\\^") != 0)) + (dpn == NULL || dpn->string == NULL || + strcmp(dpn->string, "\\^") != 0)) ? hw : 0; tbl_direct_border(tp, BHORIZ * lw, col->width + col->spacing / 2); @@ -675,7 +676,8 @@ tbl_hrule(struct termp *tp, const struct rw = cpp == NULL || cpn == NULL || (cpn->pos != TBL_CELL_DOWN && - (dpn == NULL || strcmp(dpn->string, "\\^") != 0)) + (dpn == NULL || dpn->string == NULL || + strcmp(dpn->string, "\\^") != 0)) ? hw : 0; /* The line crossing at the end of this column. */ -- To unsubscribe send an email to tech+unsubscribe@mandoc.bsd.lv
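Review bot: in the hunk at @@ -629 (the lw computation), the new `dpn->string == NULL` test carries no comment saying when a data cell's string is NULL. The commit message says this is the empty tbl(7) data cell; a one-line comment to that effect above the condition would keep a later cleanup from dropping the check as redundant. The reporter's table (an empty `T{` / `T}` block followed by a `_` rule) would also serve as a regression test to commit alongside the fix.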
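Review bot: in the hunk at @@ -675 (the rw computation), the patched condition is a character-for-character copy of the one in the lw computation earlier in tbl_hrule, and the NULL dereference had to be fixed in both places. Consider moving the test `dpn == NULL || dpn->string == NULL || strcmp(dpn->string, "\\^") != 0` into a small static helper called from both sides, so that a future change cannot be applied to one and missed in the other.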