From: Ingo Schwarze <schwarze@usta.de>
To: Stephen Gregoratto <dev@sgregoratto.me>
Cc: tech@mandoc.bsd.lv
Subject: Re: [docbook2mdoc] Segfault encountering href attr in xml preamble(s)
Date: Sat, 20 Apr 2019 06:28:41 +0200
Message-ID: <20190420042841.GA45166@athene.usta.de>
In-Reply-To: <20190419042833.r5h33msa4h3pbej5@BlackBox>

Hi Stephen,

Stephen Gregoratto wrote on Fri, Apr 19, 2019 at 02:28:33PM +1000:

> I tried testing the new 1.0.0 release on some of my files and came
> across this bug. Some refentry files encode their chosen xsl stylesheet
> by putting it in the file itself. I believe this is to help converters
> like xmlto(1). The format is:
>
> <?xml-stylesheet type="text/xsl"
> href="http://foo.tld/bar.xsl"?>
>
> When docbook2mdoc encounters the href attribute, it eventually calls
> xml_attrkey() in parse.c, failing in the TAILQ_INSERT_TAIL macro.

Good analysis, thanks.

Calling xml_attrkey() is still fine.
The string "<?xml-stylesheet" is supposed to be interpreted as the
beginning of an element; docbook2mdoc doesn't really distinguish
between XML elements and XML processing instructions. And the
string "href=" is supposed to be interpreted as the beginning of
an attribute.

But inside xml_attrkey(), no processing should be done because
an unknown element does not generate a node in the node tree,
so there is no node that the attribute could be inserted into.

I think I broke this when making the NODE_* enum constants in node.h
more fine-grained, specifically when distinguishing NODE_UNKNOWN
and NODE_IGNORE.

Fixed with the commit below.

Yours,
  Ingo

Log Message:
-----------
do not crash by trying to insert an attribute into a non-existent node;
segfault reported by Stephen Gregoratto <dev at sgregoratto dot me>
Modified Files:
--------------
docbook2mdoc:
parse.c
Revision Data
-------------
Index: parse.c
===================================================================
RCS file: /home/cvs/mdocml/docbook2mdoc/parse.c,v
retrieving revision 1.46
retrieving revision 1.47
diff -Lparse.c -Lparse.c -u -p -r1.46 -r1.47
--- parse.c
+++ parse.c
@@ -553,7 +553,7 @@ xml_attrkey(struct parse *p, const char
const char *value;
enum attrkey key;
- if (p->del > 0 || p->ncur == NODE_IGNORE || *name == '\0')
+ if (p->del > 0 || p->ncur >= NODE_UNKNOWN || *name == '\0')
return;
if ((p->ncur == NODE_DOCTYPE || p->ncur == NODE_ENTITY) &&
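Review bot: In the xml_attrkey() guard, the test p->ncur >= NODE_UNKNOWN depends on the declaration order of the enum in node.h: it is only correct if every kind that creates no tree node, NODE_IGNORE included, is declared at or after NODE_UNKNOWN, and nothing visible here records that. Please state the invariant in a comment next to the enum, or wrap the test in a small helper shared with xml_attrval(), so that a constant later added after NODE_UNKNOWN or moved in front of it does not silently bring the crash back.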
@@ -590,7 +590,7 @@ xml_attrval(struct parse *p, const char
{
struct pattr *a;
- if (p->del > 0 || p->ncur == NODE_IGNORE ||
+ if (p->del > 0 || p->ncur >= NODE_UNKNOWN ||
(p->flags & PFLAG_ATTR) == 0)
return;
if ((a = TAILQ_LAST(&p->cur->attrq, pattrq)) == NULL)
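Review bot: In xml_attrval(), the guard tests p->ncur, but what gets dereferenced two lines further down is p->cur, in TAILQ_LAST(&p->cur->attrq, pattrq), and the two fields agree only by convention. If p->cur can be NULL at this point, as the reported preamble crash suggests, consider returning early on p->cur == NULL as well, here and in xml_attrkey(), as a second line of defence. A regression test that feeds the reported <?xml-stylesheet ... href=...?> preamble would exercise both functions.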
--
To unsubscribe send an email to tech+unsubscribe@mandoc.bsd.lv
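
Added example, not part of the original message and not docbook2mdoc source: a reduced C model of the failure described above, comparing the guard before and after the fix. The struct layout, NODE_EXAMPLE, the result codes, the helper names, and the assumption that the current-node pointer is NULL before the first node is created are all constructed for illustration.

```c
/* Reduced model of the guard change; not docbook2mdoc source. */
#include <stddef.h>
#include <stdio.h>

/* Constructed enum: one ordinary kind, then the two pseudo-kinds named
 * in the message, neither of which gets a node in the tree. */
enum nodeid { NODE_EXAMPLE, NODE_UNKNOWN, NODE_IGNORE };

struct pnode { enum nodeid id; int nattr; };

struct parse {
	struct pnode *cur;  /* last node created; assumed NULL before the first */
	enum nodeid   ncur; /* kind of the element currently being parsed */
};

enum result { ATTR_SKIPPED, ATTR_STORED, ATTR_WOULD_CRASH };

typedef int (*guard_fn)(const struct parse *);

/* Guard before the fix: only NODE_IGNORE is filtered out. */
static int guard_old(const struct parse *p) { return p->ncur == NODE_IGNORE; }

/* Guard after the fix: every kind from NODE_UNKNOWN upward is filtered. */
static int guard_new(const struct parse *p) { return p->ncur >= NODE_UNKNOWN; }

/* Attribute handler: count the attribute on the current node. */
static enum result attr_key(struct parse *p, guard_fn skip)
{
	if (skip(p))
		return ATTR_SKIPPED;
	if (p->cur == NULL)          /* the real code dereferences here */
		return ATTR_WOULD_CRASH;
	p->cur->nattr++;
	return ATTR_STORED;
}

/* An attribute on an element of kind `kind`, seen with `node` current. */
static enum result feed(struct pnode *node, enum nodeid kind, guard_fn skip)
{
	struct parse p = { node, kind };
	return attr_key(&p, skip);
}

int main(void)
{
	struct pnode n = { NODE_EXAMPLE, 0 };
	printf("old guard, preamble href: %d\n", feed(NULL, NODE_UNKNOWN, guard_old));
	printf("new guard, preamble href: %d\n", feed(NULL, NODE_UNKNOWN, guard_new));
	printf("new guard, known element: %d\n", feed(&n, NODE_EXAMPLE, guard_new));
	return 0;
}
```

In this model, when a node is already current the old guard does not crash on an unknown element but counts its attribute on that unrelated node, so a NULL check alone would not be equivalent to the guard change.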