Re: man segfault diff

Sun, 05 Feb 2012 10:58:48 -0800 

Hi Tobias,

Tobias Ulmer wrote on Tue, Jan 31, 2012 at 04:37:23AM +0100:

> - Remove confusing unused len fields from TAG and ENTRY
> - Remove a couple of internal unused variables
> - Prevent parse_path() from inserting empty ENTRYs into the list,
>   leading to a crash due to negative array access later on.
> 
> From what I can tell, changing config.h affects man, whatis and apropos
> only. In my testing none of them used the len fields.
> 
> The crash can be reproduced with this extreme example:
> man -m ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: test
> 
> It's occasionally triggered by git $command --help.

Thanks for fixing this, and sorry for the delay, i'm somewhat swamped.

It looks correct from inspection and survived testing and a make
build, so i have finally put it in.

Yours,
  Ingo


> Index: config.h
> ===================================================================
> RCS file: /home/vcs/cvs/openbsd/src/usr.bin/man/config.h,v
> retrieving revision 1.5
> diff -u -p -r1.5 config.h
> --- config.h  15 Sep 2004 22:20:03 -0000      1.5
> +++ config.h  31 Jan 2012 03:14:47 -0000
> @@ -38,13 +38,11 @@ typedef struct _tag {
>  
>       TAILQ_HEAD(tqh, _entry) list;   /* Queue of entries. */
>       char *s;                        /* Associated string. */
> -     size_t len;                     /* Length of 's'. */
>  } TAG;
>  typedef struct _entry {
>       TAILQ_ENTRY(_entry) q;          /* Queue of entries. */
>  
>       char *s;                        /* Associated string. */
> -     size_t len;                     /* Length of 's'. */
>  } ENTRY;
>  
>  TAILQ_HEAD(_head, _tag);
> Index: man.c
> ===================================================================
> RCS file: /home/vcs/cvs/openbsd/src/usr.bin/man/man.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 man.c
> --- man.c     5 Jan 2012 21:46:15 -0000       1.44
> +++ man.c     31 Jan 2012 03:14:47 -0000
> @@ -95,7 +95,6 @@ main(int argc, char *argv[])
>       extern char *optarg;
>       extern int optind;
>       TAG *searchlist;
> -     ENTRY *ep;
>       glob_t pg;
>       size_t len;
>       int ch, f_cat, f_how, found;
> @@ -339,6 +338,10 @@ parse_path(TAG *t, char *path)
>       char *p, *slashp;
>  
>       while ((p = strsep(&path, ":")) != NULL) {
> +             /* Skip emtpy fields */
> +             if (*p == '\0')
> +                     continue;
> +
>               if ((ep = malloc(sizeof(ENTRY))) == NULL)
>                       err(1, NULL);
>  
> @@ -434,7 +437,7 @@ manual(char *page, TAG *tag, glob_t *pg)
>  {
>       ENTRY *ep, *e_sufp, *e_tag;
>       TAG *missp, *sufp;
> -     int anyfound, cnt, found, globres;
> +     int anyfound, cnt, found;
>       char *p, buf[MAXPATHLEN];
>  
>       anyfound = 0;

Reply via email to