Re: makewhatis: segfault in dbadd when using -a

[Ingo Schwarze <schwarze@usta.de>]

Hi Lukas,

sorry for the delay in addressing a bug as serious as a segfault.
I got distracted by bugfixing in date(1), editline(3), less(1),
sftp(1), and tbl(7).

A clear case of silly season: everyone is on holiday and no one
reports any bugs, right?  Right.  Or perhaps not...  :)

sternenseemann wrote on Sat, Aug 07, 2021 at 01:53:18AM +0200:

> while testing Ingo's latest patch I found a segfault in makewhatis
> involving -a and symlinks which I can also reproduce on unpatched CVS.
> 
> To reproduce do something like this
> 
> mkdir test-manpath
> mkdir -p test-manpath/de/man1
> ln -sf $(realpath test-manpath/de) test-manpath/DE

Whoa.  A symlink inside a manpath that points to a directory?
I must admit it never crossed my mind that people might do
something like that.  No excuse for crashing, of course.

> So we have a base directory which has one child that is a symlink. This
> symlink points to a directory below the base directory which contains
> another directory. Running makewhatis -a test-manpath will then segfault
[...]
> I've stared at mpages_merge for a little bit, but haven't figured out

  "Nothing to see here, move on!"

You stared at the wrong place.  That may be where the car finally
exploded, but not where it ran off the road.

Note that i don't feel like actually *following* such a link unless
people show real-world use cases that require it.  If the link target
is below the same manpath, it will be reached by direct traversal, too.
Nobody claimed so far that having such a link point to the cellar or
store might be useful, and if i understand sufficiently well what the
point of a cellar or a store is, indeed it could hardly be useful.
If it points somewhere else, it certainly should not be followed.

Does the following patch make sense to you and work for you?

Thanks for the report,
  Ingo


Index: mandocdb.c
===================================================================
RCS file: /cvs/src/usr.bin/mandoc/mandocdb.c,v
retrieving revision 1.216
diff -u -p -U7 -r1.216 mandocdb.c
--- mandocdb.c	3 Apr 2020 11:34:19 -0000	1.216
+++ mandocdb.c	11 Aug 2021 15:05:58 -0000
@@ -588,14 +588,16 @@ treescan(void)
 			}
 			/* Use logical inode to avoid mpages dupe. */
 			if (stat(path, ff->fts_statp) == -1) {
 				if (warnings)
 					say(path, "&stat");
 				continue;
 			}
+			if ((ff->fts_statp->st_mode & S_IFMT) != S_IFREG)
+				continue;
 			/* FALLTHROUGH */
 
 		/*
 		 * If we're a regular file, add an mlink by using the
 		 * stored directory data and handling the filename.
 		 */
 		case FTS_F:
--
 To unsubscribe send an email to tech+unsubscribe@mandoc.bsd.lv