Follow-up Comment #9, bug #62040 (project groff):

Thanks for the follow-up, Bjarni.

I have a mitigation for this that I'll be pushing soon; by "mitigation", I mean that the SEGV no longer happens. This will enable the severity to be lowered to "normal", or perhaps "minor". I do not regard the problem as root-caused yet, and I'm not confident that your explanation is a correct one. Yes, any exiting Unix process gets all its memory freed, but that's not a reason to be careless with memory. When we're done with heap-allocated memory, we should delete or free it. A double free is usually a bug.

commit ab0793f5cadb8dbcb84cb49d59bc31855fd8b5ac
Author:     G. Branden Robinson <[email protected]>
AuthorDate: Sat May 14 23:32:14 2022 -0500
Commit:     G. Branden Robinson <[email protected]>
CommitDate: Sat May 14 23:34:49 2022 -0500

    [grohtml]: Mitigate Savannah #62040.

    [grohtml]: Mitigate double-free problem exposed by malformed input.

    * src/roff/troff/mtsm.h (struct statem): Place member variable
      `issue_no` behind `DEBUGGING` preprocessor symbol, omitting it from
      production and ordinary development builds.
    * src/roff/troff/mtsm.cpp (no_of_statems): Place global variable
      behind `DEBUGGING` preprocessor symbol, omitting it from production
      and ordinary development builds.
      (statem::statem): Make constructor trivial if `DEBUGGING` not
      defined in preprocessor; it manipulates only `issue_no` and
      `no_of_statems`, which are synchronized.
      (statem::statem {copy}): Gate assignment of `issue_no` member
      variable from copy constructor behind `DEBUGGING` preprocessor
      symbol.
      (statem::flush, mtsm::inherit): Gate debugging output, already
      runtime-gated on `debug_state` symbol, of `issue_no` member
      variable, so that we don't reference it when it is not declared.

    See <https://savannah.gnu.org/bugs/?62040>.
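The comment above rests on the point that a double free is a bug in its own right, whatever the process's exit behaviour. The following is an added illustration, not groff's code and not the bug's root cause: it shows the most common C++ shape that produces a double free (a type that owns a raw heap pointer but lets the compiler generate its copy constructor), a small free-tracker standing in for what AddressSanitizer or a debug allocator would report, and the rule-of-three fix that gives each copy its own buffer. `FreeTracker`, `SharedOwner` and `DeepOwner` are hypothetical names invented for this example.

```cpp
// Added example, not from groff: how a raw-pointer owner with a default
// copy constructor ends up freeing one buffer twice, and how to fix it.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <set>
#include <utility>

// Stand-in for a debug allocator / ASan: remembers live allocations and
// counts a second release of the same pointer instead of corrupting the heap.
struct FreeTracker {
    std::set<char*> live;
    int double_frees = 0;

    char* alloc(std::size_t n) {
        char* p = new char[n];
        live.insert(p);
        return p;
    }
    void release(char* p) {
        if (p == nullptr) return;
        if (live.erase(p) == 1)
            delete[] p;         // first, legitimate release
        else
            ++double_frees;     // in real code: heap corruption / SEGV later
    }
};

// Defective shape: owns a heap buffer, but the implicitly generated copy
// constructor copies the pointer, so a copy and its original share it and
// both destructors release it.
struct SharedOwner {
    FreeTracker* t;
    char* buf;
    SharedOwner(FreeTracker* tr, const char* s)
        : t(tr), buf(t->alloc(std::strlen(s) + 1)) { std::strcpy(buf, s); }
    ~SharedOwner() { t->release(buf); }
    // no user-declared copy constructor / assignment: shallow copy
};

// Hardened shape (rule of three): copies get their own buffer, assignment
// uses copy-and-swap so the old buffer is released exactly once.
struct DeepOwner {
    FreeTracker* t;
    char* buf;
    DeepOwner(FreeTracker* tr, const char* s)
        : t(tr), buf(t->alloc(std::strlen(s) + 1)) { std::strcpy(buf, s); }
    DeepOwner(const DeepOwner& o)
        : t(o.t), buf(t->alloc(std::strlen(o.buf) + 1)) { std::strcpy(buf, o.buf); }
    DeepOwner& operator=(DeepOwner o) {      // parameter is a deep copy
        std::swap(t, o.t);
        std::swap(buf, o.buf);
        return *this;                        // ~o releases the previous buffer
    }
    ~DeepOwner() { t->release(buf); }
};

// Constructed scenario: copy an owner, let both go out of scope.
int double_frees_with_shared_owner() {
    FreeTracker t;
    {
        SharedOwner a(&t, "hello");
        SharedOwner b = a;      // b.buf == a.buf
    }                           // ~b frees buf, ~a frees it again
    return t.double_frees;      // 1
}

int double_frees_with_deep_owner() {
    FreeTracker t;
    {
        DeepOwner a(&t, "hello");
        DeepOwner b = a;        // separate buffer
        DeepOwner c(&t, "other");
        c = a;                  // old c.buf released once, via copy-and-swap
    }
    return t.double_frees;      // 0
}

// Every allocation made through the tracker must have been released once.
std::size_t live_after_deep_owner() {
    FreeTracker t;
    {
        DeepOwner a(&t, "hello");
        DeepOwner b = a;
        b = a;
    }
    return t.live.size();       // 0: no leak, no double free
}

int main() {
    std::printf("shallow copy double frees: %d\n", double_frees_with_shared_owner());
    std::printf("deep copy double frees:    %d\n", double_frees_with_deep_owner());
    std::printf("deep copy leaks:           %zu\n", live_after_deep_owner());
    return 0;
}
```

Replacing the raw `char*` with `std::string` or `std::unique_ptr<char[]>` removes the problem at compile time: the former copies correctly by itself, the latter makes `SharedOwner b = a;` a compile error rather than a runtime double free. Building with `-fsanitize=address` reports the shallow-copy case as `attempting double-free` at the second destructor, which is the check to run before deciding a memory bug is harmless because the process is exiting anyway.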
