On 2020-06-11 16:45, Klemens Nanni wrote:
On Thu, Jun 11, 2020 at 03:59:09PM +0200, Otto Moerbeek wrote:
This already trips the bug;
man -T html -c pfctl id
No need for a custom man function. No clue yet why.
This is in mandoc's HTML parser, but only happens for multiple manuals
in html.c:html_reset_internal():
    while ((tag = h->tag) != NULL) {
        h->tag = tag->next;
        free(tag);
    }
Note that it crashes differently depending on the optimization level:
$ cd /usr/src/usr.bin/mandoc
$ make DEBUG=-O0
$ ./obj/mandoc -Thtml `man -w id cat` >/dev/null ; echo $?
0
$ make DEBUG=-O1
$ ./obj/mandoc -Thtml `man -w id cat` >/dev/null
Segmentation fault (core dumped)
$ make DEBUG=-O2
$ ./obj/mandoc -Thtml `man -w id cat` >/dev/null
mandoc(32092) in free(): bogus pointer (double free?) 0x6641bab613b
Abort trap (core dumped)
Need to run now, but wanted to share what seems to be the right direction.
Compile with -O0 to temporarily fix the bug.
But I also want to note that a binary does not need to be specified; it can
be just a file... (as the second man entry).