- Remove confusing unused len fields from TAG and ENTRY - Remove a couple of internal unused variables - Prevent parse_path() from inserting empty ENTRYs into the list, leading to a crash due to negative array access later on.
>From what I can tell, changing config.h affects man, whatis and apropos only. In my testing none of them used the len fields. The crash can be reproduced with this extreme example: man -m ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: test It's occasionally triggered by git $command --help. Index: config.h =================================================================== RCS file: /home/vcs/cvs/openbsd/src/usr.bin/man/config.h,v retrieving revision 1.5 diff -u -p -r1.5 config.h --- config.h 15 Sep 2004 22:20:03 -0000 1.5 +++ config.h 31 Jan 2012 03:14:47 -0000 @@ -38,13 +38,11 @@ typedef struct _tag { TAILQ_HEAD(tqh, _entry) list; /* Queue of entries. */ char *s; /* Associated string. */ - size_t len; /* Length of 's'. */ } TAG; typedef struct _entry { TAILQ_ENTRY(_entry) q; /* Queue of entries. */ char *s; /* Associated string. */ - size_t len; /* Length of 's'. */ } ENTRY; TAILQ_HEAD(_head, _tag); Index: man.c =================================================================== RCS file: /home/vcs/cvs/openbsd/src/usr.bin/man/man.c,v retrieving revision 1.44 diff -u -p -r1.44 man.c --- man.c 5 Jan 2012 21:46:15 -0000 1.44 +++ man.c 31 Jan 2012 03:14:47 -0000 @@ -95,7 +95,6 @@ main(int argc, char *argv[]) extern char *optarg; extern int optind; TAG *searchlist; - ENTRY *ep; glob_t pg; size_t len; int ch, f_cat, f_how, found; @@ -339,6 +338,10 @@ parse_path(TAG *t, char *path) char *p, *slashp; while ((p = strsep(&path, ":")) != NULL) { + /* Skip emtpy fields */ + if (*p == '\0') + continue; + if ((ep = malloc(sizeof(ENTRY))) == NULL) err(1, NULL); @@ -434,7 +437,7 @@ manual(char *page, TAG *tag, glob_t *pg) { ENTRY *ep, *e_sufp, *e_tag; TAG *missp, *sufp; - int anyfound, cnt, found, globres; + int anyfound, cnt, found; char *p, buf[MAXPATHLEN]; anyfound = 0;