* Re: Remaining patches
From: Ingo Schwarze @ 2010-12-11 17:02 UTC (permalink / raw)
To: tech
Hi Kristaps,
Kristaps Dzonsons wrote on Mon, Dec 06, 2010 at 05:10:11PM +0100:
> Ingo Schwarze wrote:
>> Regarding your recent commits, it is nice all this is going in.
>> I'll cross-check a bit more carefully when i'm out of office.
>> One thing looks dubious, though.
>>
>> .de XX
>> ..
>>
>> This should do the same as
>>
>> .ds XX ""
>>
>> and *not* the same as
>>
>> .rm XX
>>
>> Thus, i specifically changed that from NULL to "".
>> Otherwise, pages containing .IX throw lots of "unknown macro"
>> errors.
>>
>> In case this crashes on ALPHA, i suspect another bug somewhere...
>> Perhaps something related to integer sizes or alignment?
> Nope, valgrind pukes all over certain pages with this as well.
> Enclosed is an example offender and valgrind's output (in case it's
> useful). The output, as you can see, stops at the first
> parenthesis.
>
> I'll look into it some more later.
Here is what happens.
When parsing ".IX xyzzy", roff.c, roff_userdef() sets
    *bufp = "";
    *szp = 1;
    return(ROFF_APPEND);
Then main.c, parsebuf() has
    ln.buf = "";
    ln.sz = 1;
    pos = 0;
    continue;
It appends the next line.
Hitting the \s at the beginning, it calls
    resize_buf(&ln, 256)
which does
    buf->sz = buf->sz ? 2 * buf->sz : initial;
i.e.
    buf->sz = 2*1 = 2;
    realloc(buf->buf, buf->sz);
and returning to parsebuf()
    ln.buf[pos++] = blk.buf[i++];
    ln.buf[pos++] = blk.buf[i++];
to copy the two characters of "\s".
That's one too much, boom.
So, let's fix resize_buf!
Can you verify with valgrind?
This analysis is purely from reading the code.
The OpenBSD build survives with the patch.
Yours,
Ingo
> .TH FOO 1
> .ie \nF \{\
> . de IX
> ..
> .\}
> .el \{\
> . de IX
> ..
> .\}
> .IX Title "FOO 1"
> .SH "NAME"
> foo \- bar
> .SH DESCRIPTION
> .IX xyzzy
> (\s-1asdfasd\s0) fdsafdsa
> ==27147== Memcheck, a memory error detector
> ==27147== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
> ==27147== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
> ==27147== Command: ./mandoc -Owidth=68 foo.1
> ==27147== Parent PID: 11203
> ==27147==
> ==27147== Invalid write of size 1
> ==27147== at 0x40253C: parsebuf (main.c:733)
> ==27147== by 0x402257: pdesc (main.c:626)
> ==27147== by 0x401DEC: fdesc (main.c:487)
> ==27147== by 0x40198F: ffile (main.c:340)
> ==27147== by 0x401819: main (main.c:276)
> ==27147== Address 0x518b2a2 is 0 bytes after a block of size 2 alloc'd
> ==27147== at 0x4C245E2: realloc (vg_replace_malloc.c:525)
> ==27147== by 0x401ACB: resize_buf (main.c:381)
> ==27147== by 0x4024F9: parsebuf (main.c:730)
> ==27147== by 0x402257: pdesc (main.c:626)
> ==27147== by 0x401DEC: fdesc (main.c:487)
> ==27147== by 0x40198F: ffile (main.c:340)
> ==27147== by 0x401819: main (main.c:276)
Index: main.c
===================================================================
RCS file: /cvs/src/usr.bin/mandoc/main.c,v
retrieving revision 1.61
diff -u -p -r1.61 main.c
--- main.c 9 Dec 2010 23:01:18 -0000 1.61
+++ main.c 11 Dec 2010 17:01:40 -0000
@@ -375,7 +375,7 @@ static void
resize_buf(struct buf *buf, size_t initial)
{
- buf->sz = buf->sz ? 2 * buf->sz : initial;
+ buf->sz = buf->sz >= initial ? 2 * buf->sz : initial;
buf->buf = realloc(buf->buf, buf->sz);
if (NULL == buf->buf) {
perror(NULL);
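Review bot: the new condition `buf->sz >= initial` still allows a resize that grows the buffer by a single byte: with `initial` 256 and `buf->sz` 255 the result is 256, so the two-character copy that parsebuf() performs after one resize (the `\s` case described in this message) overflows again at sz = 255 instead of sz = 1. The growth rule needs to guarantee both a floor and a doubling, e.g. `buf->sz = buf->sz > initial/2 ? 2 * buf->sz : initial;`, which never yields less than `initial` and never less than twice the old size.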
--
To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv
* Re: Remaining patches
From: Ingo Schwarze @ 2010-12-11 17:07 UTC (permalink / raw)
To: tech
> Index: main.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/mandoc/main.c,v
> retrieving revision 1.61
> diff -u -p -r1.61 main.c
> --- main.c 9 Dec 2010 23:01:18 -0000 1.61
> +++ main.c 11 Dec 2010 17:01:40 -0000
> @@ -375,7 +375,7 @@ static void
> resize_buf(struct buf *buf, size_t initial)
> {
>
> - buf->sz = buf->sz ? 2 * buf->sz : initial;
> + buf->sz = buf->sz >= initial ? 2 * buf->sz : initial;
> buf->buf = realloc(buf->buf, buf->sz);
> if (NULL == buf->buf) {
> perror(NULL);
Gah, that's wrong as well.
It only moves the bug from sz = 1 to sz = initial-1.
It must be
buf->sz = buf->sz > initial/2 ? 2 * buf->sz : initial;
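As an added example (not mandoc's own code), the following models the three resize_buf() growth rules from the analysis above and the corrected one-liner, and searches for the smallest old buffer size at which a single resize leaves no room for the two characters parsebuf() copies afterwards. The "at least two more bytes" requirement and the search limit of 1024 are my reading of the thread, not something the code on the page states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef size_t (*grow_fn)(size_t sz, size_t initial);

/* Revision 1.61: a 1-byte buffer only grows to 2 bytes. */
static size_t grow_rev161(size_t sz, size_t initial)
{
	return sz ? 2 * sz : initial;
}

/* First attempt (>= initial): a buffer of initial-1 bytes grows by one byte. */
static size_t grow_ge_initial(size_t sz, size_t initial)
{
	return sz >= initial ? 2 * sz : initial;
}

/* Committed fix: never below initial and never below twice the old size. */
static size_t grow_half_initial(size_t sz, size_t initial)
{
	return sz > initial / 2 ? 2 * sz : initial;
}

/* Requirement read off the thread (assumption): after one resize the two
 * characters of an escape such as \s must fit, i.e. grow by >= 2 bytes. */
static bool room_for_escape(size_t old, size_t nsz)
{
	return nsz >= old + 2;
}

/* Smallest old size in [0, limit] for which `grow` violates the
 * requirement, or (size_t)-1 if it holds for every size tried. */
static size_t first_bad_size(grow_fn grow, size_t initial, size_t limit)
{
	for (size_t sz = 0; sz <= limit; sz++)
		if (!room_for_escape(sz, grow(sz, initial)))
			return sz;
	return (size_t)-1;
}

static void report(const char *name, grow_fn grow)
{
	size_t bad = first_bad_size(grow, 256, 1024); /* 256: what parsebuf() passes */
	if (bad == (size_t)-1)
		printf("%-13s safe for every size up to 1024\n", name);
	else
		printf("%-13s first unsafe old size: %zu\n", name, bad);
}

int main(void)
{
	report("rev 1.61:", grow_rev161);      /* unsafe at 1 */
	report(">= initial:", grow_ge_initial);  /* unsafe at 255 */
	report("> initial/2:", grow_half_initial); /* safe */
	return 0;
}
```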
* Re: Remaining patches
From: Ingo Schwarze @ 2010-12-19 12:41 UTC (permalink / raw)
To: tech
Hi Kristaps,
Ingo Schwarze wrote on Sat, Dec 11, 2010 at 06:07:14PM +0100:
> Gah, that's wrong as well.
> It only moves the bug from sz = 1 to sz = initial-1.
>
> It must be
>
> buf->sz = buf->sz > initial/2 ? 2 * buf->sz : initial;
To get this finally settled:
OK for this one, too?
Or does it still crash your Alpha?
Index: main.c
===================================================================
RCS file: /cvs/src/usr.bin/mandoc/main.c,v
retrieving revision 1.61
diff -u -p -r1.61 main.c
--- main.c 9 Dec 2010 23:01:18 -0000 1.61
+++ main.c 19 Dec 2010 12:34:57 -0000
@@ -375,7 +375,7 @@ static void
resize_buf(struct buf *buf, size_t initial)
{
- buf->sz = buf->sz ? 2 * buf->sz : initial;
+ buf->sz = buf->sz > initial/2 ? 2 * buf->sz : initial;
buf->buf = realloc(buf->buf, buf->sz);
if (NULL == buf->buf) {
perror(NULL);
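Review bot: `buf->sz > initial/2 ? 2 * buf->sz : initial` is correct but not self-explanatory, and the earlier `>= initial` attempt shows how easily this line goes wrong, so a one-line comment stating the invariant would help: the new size is never below `initial` and never below twice the old size, because `2 * buf->sz` is chosen exactly when it exceeds `initial`. As a caveat, `2 * buf->sz` is not checked for size_t wrap-around; irrelevant for a line buffer, but worth a note if the helper is ever reused for larger buffers.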
Index: roff.c
===================================================================
RCS file: /cvs/src/usr.bin/mandoc/roff.c,v
retrieving revision 1.23
diff -u -p -r1.23 roff.c
--- roff.c 9 Dec 2010 20:56:30 -0000 1.23
+++ roff.c 19 Dec 2010 12:34:58 -0000
@@ -345,18 +345,11 @@ roff_res(struct roff *r, char **bufp, si
size_t nsz;
char *n;
- /* String escape sequences have at least three characters. */
+ /* Search for a leading backslash and save a pointer to it. */
- for (cp = *bufp + pos; cp[0] && cp[1] && cp[2]; cp++) {
-
- /*
- * The first character must be a backslash.
- * Save a pointer to it.
- */
-
- if ('\\' != *cp)
- continue;
- stesc = cp;
+ cp = *bufp + pos;
+ while (NULL != (cp = strchr(cp, '\\'))) {
+ stesc = cp++;
/*
* The second character must be an asterisk.
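Review bot: the strchr() loop gives up the `cp[0] && cp[1] && cp[2]` guard of the old loop, so after `stesc = cp++` the pointer may rest on the terminating NUL when the backslash is the last character of the line; the following hunk covers that with `if ('\0' == *cp) return(1);`, and the same check is needed again after the asterisk. Correctness now rests entirely on `*bufp` being NUL-terminated (strchr() requires it), so the replaced comment should state that, e.g. "Search for a leading backslash; the buffer is NUL-terminated."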
@@ -364,7 +357,9 @@ roff_res(struct roff *r, char **bufp, si
* so it can't start another escape sequence.
*/
- if ('*' != *(++cp))
+ if ('\0' == *cp)
+ return(1);
+ if ('*' != *cp++)
continue;
/*
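Review bot: the early `return(1)` for a trailing backslash leaves roff_res() before the normal loop exit, which is harmless since nothing follows on the line, but what 1 signals is not visible in this hunk; a short comment at the return ("nothing to expand"), or returning whatever the normal exit returns, would make the two paths obviously equivalent. Note also that `if ('*' != *cp++) continue;` deliberately steps past the non-asterisk character, so `\\` does not restart the search at the second backslash, which matches the comment above about not starting another escape sequence.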
@@ -373,7 +368,9 @@ roff_res(struct roff *r, char **bufp, si
* Save a pointer to the name.
*/
- switch (*(++cp)) {
+ switch (*cp) {
+ case ('\0'):
+ return(1);
case ('('):
cp++;
maxl = 2;
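Review bot: `case ('\0'): return(1);` handles `\*` at the end of the line, but `case ('(')` then does `cp++` and expects two name characters (`maxl = 2`); the hunk does not show whether the code that collects those characters stops at the NUL terminator, so please confirm that the `maxl` loop also checks for '\0', otherwise `\*(` at the end of a line reads past the string.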
* Re: Remaining patches
From: Kristaps Dzonsons @ 2010-12-20 14:50 UTC (permalink / raw)
To: tech
>> Gah, that's wrong as well.
>> It only moves the bug from sz = 1 to sz = initial-1.
>>
>> It must be
>>
>> buf->sz = buf->sz > initial/2 ? 2 * buf->sz : initial;
>
> To get this finally settled:
>
> OK for this one, too?
> Or does it still crash your Alpha?
Ingo, this does the trick for me!
Let me know when we're completely in sync and I'll put out a version
before getting to work on tbl. I think I've finished the -T[x]html updates.
Thanks!
Kristaps
* Re: Remaining patches
From: Ingo Schwarze @ 2010-12-21 2:00 UTC (permalink / raw)
To: tech
Hi Kristaps,
>>> buf->sz = buf->sz > initial/2 ? 2 * buf->sz : initial;
> Ingo, this does the trick for me!
Good, so i have committed this to both repos,
and main.c and roff.c are back in sync.
> Let me know when we're completely in sync
Well, i still need to merge about a dozen patches,
then check that we are back in sync.
Time is up for tonight, i'll go on tomorrow night.
You have done a lot of work on -Thtml... :-)
Yours,
Ingo