From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-qt0-f171.google.com (mail-qt0-f171.google.com [209.85.216.171])
	by fantadrom.bsd.lv (OpenSMTPD) with ESMTP id aa0a9ab6
	for <tech@mdocml.bsd.lv>;
	Sat, 28 Jan 2017 07:57:58 -0500 (EST)
Received: by mail-qt0-f171.google.com with SMTP id w20so100727670qtb.1
        for <tech@mdocml.bsd.lv>; Sat, 28 Jan 2017 04:57:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=i3wm-org.20150623.gappssmtp.com; s=20150623;
        h=mime-version:sender:from:date:message-id:subject:to
         :content-transfer-encoding;
        bh=NhN/8Dev9zImCuXPC4ACesfeWwzqtG4BUZ/LFh8Hha0=;
        b=v0LDBDsQWxMiKkfJRtRbXjClaq77NfiP3a8kISI3iOD5ZsEPE2QcZkPqk5nr9dSowB
         Ep35E7b9IYvuOeJZU9ToRkZJTrm7N0KLidIa8wZZ+AyqHsqujQ2GytodjGhBsyyxyoit
         MddiIRlnuum0dO7hYrUzseGzfxtJwE9kmZcF7DvBrpED8rPNXH3fRqsS8hd32BgnBIFs
         Kax04Q6qFOTew9uPqLmgjx1b4ug5wLqEmLX2d36Ads5LgBXLAtubiQCOQ3IipLLUoClG
         hVXKbjvb+Pcy/gDCYVcCb1Oq1EAxzBP3OzIcM4ihIfB26LNxPuvEtG2mqX4PeJHg4lKX
         FBkg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
         :to:content-transfer-encoding;
        bh=NhN/8Dev9zImCuXPC4ACesfeWwzqtG4BUZ/LFh8Hha0=;
        b=IuY18AzcLK6jrt2aIs3hFRfe64DAfseh9e2CRE7tz5x4Hb8lbeD7ElCVzasbeJLGZM
         PxQMxDLpuBSNlFjLxEhdXu/olVgUXD8zYqJmbjrV3duz9crr20Qqfq2SDxb3/KtVUjaI
         BTYzSyX138iqw0+ViVfK8/B/SYJeIdBc5YqGbOSuqpESIFCJ8/O3DT5UmUsbCrGpaRSb
         zhPrpXyybhL1BBqRvTFgGxAMc7rZijkZPx/GWxwWtEzKjmf7FqoQEmSZOrgpBBxdF9eH
         7hyjDcBkGTX1ziJ7KkCasjoccDc+9ykB+qmPcqzqcR0ACufubQnz0QW1MqkI1O4nOwvB
         aWfQ==
X-Gm-Message-State: AIkVDXIpLISgG1EEMJ542VVoFd1pRCC5IpDdjR0B4xh1Lriu5PnwaAngk0mO794e5qpS48Ty3ZE/iSloOS88WQ==
X-Received: by 10.200.39.200 with SMTP id x8mr12428770qtx.159.1485608277519;
 Sat, 28 Jan 2017 04:57:57 -0800 (PST)
X-Mailinglist: mdocml-tech
Reply-To: tech@mdocml.bsd.lv
MIME-Version: 1.0
Sender: michael@i3wm.org
Received: by 10.55.98.83 with HTTP; Sat, 28 Jan 2017 04:57:37 -0800 (PST)
X-Originating-IP: [2a02:168:4a00:0:225:90ff:fe5d:53a2]
From: Michael Stapelberg <stapelberg@debian.org>
Date: Sat, 28 Jan 2017 13:57:37 +0100
X-Google-Sender-Auth: bEOP4pRKSplzNSlaQTTpO_6LOvY
Message-ID: <CANnVG6kDsqN3OuJ=ZsdWyh4R3z+vLCum2VF6yVg4+_crB5jv7A@mail.gmail.com>
Subject: Bug: crash in mdoc_bl_pre() in mdoc_html.c:843
To: tech@mdocml.bsd.lv
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

I think http://mdocml.bsd.lv/cgi-bin/cvsweb/mdoc_html.c.diff?r1=3D1.247&r2=
=3D1.248
introduced a bug, specifically this hunk:

@@ -856,62 +770,47 @@
  * screen and we want to preserve that behaviour.
  */

- for (i =3D 0; i < (int)n->norm->Bl.ncols; i++) {
- bufinit(h);
- a2width(n->norm->Bl.cols[i], &su);
- if (i < (int)n->norm->Bl.ncols - 1)
- bufcat_su(h, "width", &su);
- else
- bufcat_su(h, "min-width", &su);
- PAIR_STYLE_INIT(&tag[0], h);
- print_otag(h, TAG_COL, 1, tag);
- }
+ for (i =3D 0; i < (int)n->norm->Bl.ncols - 1; i++)
+ print_otag(h, TAG_COL, "sww", n->norm->Bl.cols[i]);
+ print_otag(h, TAG_COL, "swW", n->norm->Bl.cols[i]);
[=E2=80=A6]

To reproduce the crash, use:
$ curl https://manpages.debian.org/unstable/heimdal-dev/gssapi.3.en.gz
| ./mandoc -Thtml
[=E2=80=A6]
segmentation fault (core dumped)  ./mandoc -Thtml
$ gdb mandoc core
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000560b3ac5d977 in mdoc_bl_pre (meta=3D0x560b3c509130,
n=3D0x560b3c51dd50, h=3D0x560b3c509260) at mdoc_html.c:843
843 print_otag(h, TAG_COL, "swW", n->norm->Bl.cols[i]);
gdb $ bt
#0  0x0000560b3ac5d977 in mdoc_bl_pre (meta=3D0x560b3c509130,
n=3D0x560b3c51dd50, h=3D0x560b3c509260) at mdoc_html.c:843
#1  0x0000560b3ac5c6d4 in print_mdoc_node (meta=3D0x560b3c509130,
n=3D0x560b3c51dd50, h=3D0x560b3c509260) at mdoc_html.c:396
#2  0x0000560b3ac5c47f in print_mdoc_nodelist (meta=3D0x560b3c509130,
n=3D0x560b3c51dd50, h=3D0x560b3c509260) at mdoc_html.c:337
#3  0x0000560b3ac5c743 in print_mdoc_node (meta=3D0x560b3c509130,
n=3D0x560b3c51dcb0, h=3D0x560b3c509260) at mdoc_html.c:406
#4  0x0000560b3ac5c47f in print_mdoc_nodelist (meta=3D0x560b3c509130,
n=3D0x560b3c51dcb0, h=3D0x560b3c509260) at mdoc_html.c:337
#5  0x0000560b3ac5c743 in print_mdoc_node (meta=3D0x560b3c509130,
n=3D0x560b3c51d610, h=3D0x560b3c509260) at mdoc_html.c:406
#6  0x0000560b3ac5c47f in print_mdoc_nodelist (meta=3D0x560b3c509130,
n=3D0x560b3c51d610, h=3D0x560b3c509260) at mdoc_html.c:337
#7  0x0000560b3ac5c743 in print_mdoc_node (meta=3D0x560b3c509130,
n=3D0x560b3c51d380, h=3D0x560b3c509260) at mdoc_html.c:406
#8  0x0000560b3ac5c47f in print_mdoc_nodelist (meta=3D0x560b3c509130,
n=3D0x560b3c51d380, h=3D0x560b3c509260) at mdoc_html.c:337
#9  0x0000560b3ac5c2dd in html_mdoc (arg=3D0x560b3c509260,
mdoc=3D0x560b3c509130) at mdoc_html.c:304
#10 0x0000560b3ac7b011 in parse (curp=3D0x7fff20668810, fd=3D0,
file=3D0x560b3ac9db71 "<stdin>") at main.c:748
#11 0x0000560b3ac7a446 in main (argc=3D0, argv=3D0x7fff20668a18) at main.c:=
454


--=20
Best regards,
Michael
--
 To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv