gbranden pushed a commit to branch master
in repository groff.
commit d9e7dac095fa7451625a3947d144edf7dae8aab3
Author: G. Branden Robinson <[email protected]>
AuthorDate: Thu Apr 3 04:54:46 2025 -0500
[groff]: Regression-test Savannah #66981.
* src/roff/groff/tests/do-not-free-file-name-pointers-early.sh: Do it.
* src/roff/groff/groff.am (groff_TESTS): Run test.
Test fails at this commit (on my system; the bug involves dynamic memory
UB so others' mileage may vary).
---
ChangeLog | 8 ++++
src/roff/groff/groff.am | 1 +
.../tests/do-not-free-file-name-pointers-early.sh | 56 ++++++++++++++++++++++
3 files changed, 65 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 35f104304..2c3d9383d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2025-04-03 G. Branden Robinson <[email protected]>
+
+ [groff]: Regression-test Savannah #66981.
+
+ * src/roff/groff/tests/do-not-free-file-name-pointers-early.sh:
+ Do it.
+ * src/roff/groff/groff.am (groff_TESTS): Run test.
+
2025-04-02 G. Branden Robinson <[email protected]>
[troff]: Slightly refactor and fix code style nits.
diff --git a/src/roff/groff/groff.am b/src/roff/groff/groff.am
index f371d4987..baec3fa0e 100644
--- a/src/roff/groff/groff.am
+++ b/src/roff/groff/groff.am
@@ -56,6 +56,7 @@ groff_TESTS = \
src/roff/groff/tests/device-request-passes-most-escape-sequences.sh \
src/roff/groff/tests/device-request-works.sh \
src/roff/groff/tests/devicem-request-works.sh \
+ src/roff/groff/tests/do-not-free-file-name-pointers-early.sh \
src/roff/groff/tests/do-not-loop-infinitely-when-breaking-cjk.sh \
src/roff/groff/tests/dot-cp-register-works.sh \
src/roff/groff/tests/dot-nm-register-works.sh \
diff --git a/src/roff/groff/tests/do-not-free-file-name-pointers-early.sh
b/src/roff/groff/tests/do-not-free-file-name-pointers-early.sh
new file mode 100755
index 000000000..71c8b42ef
--- /dev/null
+++ b/src/roff/groff/tests/do-not-free-file-name-pointers-early.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# Copyright (C) 2025 Free Software Foundation, Inc.
+#
+# This file is part of groff.
+#
+# groff is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# groff is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+groff="${abs_top_builddir:-.}/test-groff"
+
+# Regression-test Savannah #66981.
+#
+# File name strings in GNU troff tend to be dynamically allocated and to
+# have highly variable lifetimes. Aggressively freeing them can lead to
+# undefined behavior (referencing deallocated memory).
+#
+# Because we're talking about dynamic memory UB, the following input may
+# not reproduce bad behavior in all environments. On GBR's system, the
+# following is evident prior to the bug fix.
+#
+# {"name": "CE", "file name": "a", "starting line number": 2, ... }
+# {"name": "CE", "file name": "\u0090\u0092\u009B\u00CE6V", ... }
+#
+# ...where the garbage in the file name varies with every run.
+
+input='.
+.lf 2 a
+.ds CE \" empty
+.TS H
+l
+l.
+\&
+.TH
+\&
+.pm CE
+.TE
+.pm CE
+.'
+
+output=$(printf '%s\n' "$input" | "$groff" -zt -ms 2>&1 | nl -ba)
+echo "$output"
+echo "$output" | sed -n 2p | grep -Fq '"file name": "a",'
+
+# vim:set autoindent expandtab shiftwidth=2 tabstop=2 textwidth=72:
_______________________________________________
groff-commit mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/groff-commit
