Hi Theo,

Theo Buehler wrote on Sat, Oct 25, 2014 at 07:52:18AM +0200:

> Today's run of /etc/weekly script reported a segmentation fault of
> makewhatis(8) (compiled from the latest version).

Ouch.  Thanks for the good report and sorry for the inconvenience.
This ought to be fixed now both in OpenBSD and on mdocml.bsd.lv.

> This can be reproduced by issuing
>
>   # makewhatis
>
> or, more easily, by
>
>   $ mandoc /usr/X11R6/man/man3/glPixelMap.3
>
> The reason for this seems to be a mistake in the equation parsing code.
>
> The line causing the segfault is in /usr/X11R6/man/man3/glPixelMap.3,
> line 168:
>
>   center tab(:) delim($$) ;
>
> which appears in various other glPixel*.3 manuals as well.  Moving those
> manuals away allows makewhatis(8) to complete successfully.  Also, changing
> this manual line into ``center tab(:) ;'' makes the segfault go away.
>
> The segfault doesn't occur when reverting eqn.c to revision 1.16.

All correct and all relevant.

> Here's a backtrace of makewhatis's segfault:
>
>   $ gdb obj/makewhatis makewhatis.core
>   [...]
>   #0  eqn_tok_parse (ep=0x1539468feb80, p=0x7f7ffffefca8)
>       at /usr/src/usr.bin/mandoc/eqn.c:493
>   493             quoted = ep->data[ep->cur] == '"';

Yep, the roff parser misparsed "delim($$)" as containing an empty
equation even though it's inside a table layout specification,
and the eqn parser wrongly assumed that each equation contains
at least one box, dereferencing NULL when encountering an empty
equation.

The NULL dereference could also be triggered with these simpler
chunks of code:

  .EQ
  .EN

or

  .EQ
  delim $$
  .EN
  $$

Yours,
  Ingo
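The bug class Ingo describes, an equation consumer that assumes every equation has at least one box and so dereferences NULL on an empty one, shown in a small added C illustration. This is not mandoc's code and does not reproduce its actual fix: the struct eqn / struct box types, eqn_parse(), eqn_first() and count_inline_eqns() are toy constructs written for this example. It parses an equation body into boxes, contrasts the unchecked first-box access with the checked one, and scans the tbl layout line from the report for inline `$...$` spans to show that a naive scan yields exactly one empty equation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy types for this illustration; not mandoc's struct eqn / eqn_box. */
struct box {
	char text[32];
	struct box *next;
};
struct eqn {
	struct box *first;	/* NULL when the equation is empty */
	size_t nbox;
};

void eqn_free(struct eqn *e);

/*
 * Split an equation body on blanks into a list of boxes.
 * An empty or blank body is valid input: nbox == 0, first == NULL.
 */
struct eqn *
eqn_parse(const char *body)
{
	struct eqn *e;
	struct box *b, **tail;
	const char *p;
	size_t len = 0;

	if ((e = calloc(1, sizeof(*e))) == NULL)
		return NULL;
	tail = &e->first;
	for (p = body; *p != '\0'; p += len) {
		p += strspn(p, " \t");
		if (*p == '\0')
			break;
		len = strcspn(p, " \t");
		if ((b = calloc(1, sizeof(*b))) == NULL) {
			eqn_free(e);
			return NULL;
		}
		memcpy(b->text, p, len < sizeof(b->text) ? len : sizeof(b->text) - 1);
		*tail = b;
		tail = &b->next;
		e->nbox++;
	}
	return e;
}

void
eqn_free(struct eqn *e)
{
	struct box *b, *next;

	if (e == NULL)
		return;
	for (b = e->first; b != NULL; b = next) {
		next = b->next;
		free(b);
	}
	free(e);
}

/* The bug class: reads through e->first without checking for an empty equation. */
const char *
eqn_first_unsafe(const struct eqn *e)
{
	return e->first->text;	/* NULL dereference when nbox == 0 */
}

/* The check: an empty equation simply has no first box. */
const char *
eqn_first(const struct eqn *e)
{
	return e->first == NULL ? NULL : e->first->text;
}

/*
 * Count inline equations delimited by d on one input line and how many are
 * empty; a naive scan of "delim($$)" in a tbl layout line finds one empty
 * equation.  An unterminated opening delimiter is ignored.
 */
int
count_inline_eqns(const char *line, char d, int *empty)
{
	const char *p, *q;
	int total = 0;

	*empty = 0;
	for (p = line; (p = strchr(p, d)) != NULL; p = q + 1) {
		if ((q = strchr(p + 1, d)) == NULL)
			break;
		total++;
		if (q == p + 1)
			(*empty)++;
	}
	return total;
}

/* One-call helpers: parse, inspect, free. */
size_t
eqn_box_count(const char *body)
{
	struct eqn *e = eqn_parse(body);
	size_t n = e == NULL ? 0 : e->nbox;

	eqn_free(e);
	return n;
}

int
eqn_first_is(const char *body, const char *want)
{
	struct eqn *e = eqn_parse(body);
	const char *got = e == NULL ? NULL : eqn_first(e);
	int ok = (got == NULL && want == NULL) ||
	    (got != NULL && want != NULL && strcmp(got, want) == 0);

	eqn_free(e);
	return ok;
}

int
count_empty_inline_eqns(const char *line, char d)
{
	int empty;

	count_inline_eqns(line, d, &empty);
	return empty;
}

int
main(void)
{
	const char *tblline = "center tab(:) delim($$) ;";	/* line 168 from the report */
	int empty, total;

	total = count_inline_eqns(tblline, '$', &empty);
	printf("%d inline equation(s), %d empty\n", total, empty);
	printf("\"\" -> %zu boxes, first box %s\n", eqn_box_count(""),
	    eqn_first_is("", NULL) ? "NULL (handled)" : "?");
	printf("\"x sup 2\" -> %zu boxes\n", eqn_box_count("x sup 2"));
	/* eqn_first_unsafe() on eqn_parse("") would crash exactly as reported. */
	return 0;
}
```

The point of the contrast is that the empty equation is legitimate input for the consumer, not a parse error; once `.EQ`/`.EN` with nothing between them can reach the box code, every access to the first box needs the NULL check.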
