Date: Wed, 17 Jul 2019 13:39:42 +0300 From: Eygene Ryabinkin <rea@freebsd.org> To: Baptiste Daroussin <bapt@FreeBSD.org> Cc: freebsd-current@FreeBSD.org Subject: Re: [CFT][patch] mandoc: don't segfault on empty tbl(1) continuation blocks Message-ID: <20190717103942.fkunwe3utxvmdc5n@void.codelabs.ru> In-Reply-To: <20190717071201.beem6et6dybhby7m@ivaldir.net> References: <20190716193124.yrrntrtah22aky5n@phoenix.codelabs.ru> <20190717071201.beem6et6dybhby7m@ivaldir.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--nzno7o2fwb6xlvhr Content-Type: multipart/mixed; boundary="mg6b44fawrvf627e" Content-Disposition: inline --mg6b44fawrvf627e Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Baptiste, good day. Wed, Jul 17, 2019 at 09:12:02AM +0200, Baptiste Daroussin wrote: > On Tue, Jul 16, 2019 at 10:31:24PM +0300, Eygene Ryabinkin wrote: > > Attached is the patch that makes built-in tbl(1) processor in > > mandoc to avoid dumping core when it renders the table with empty > > "T{ T}" block and horizontally-ruled table. > > Thank you for the patch! Have it been discussed with upstream? I > kind of remind something like this being reported to upstream, but I > haven't checked the status. Was fixed: https://mandoc.bsd.lv/cgi-bin/cvsweb/tbl_term.c.diff?r1=3D1.69&r2=3D1.70 https://github.com/openbsd/src/commit/5f6e3232931ab08da9c8121d568c8207c0c= 4662c#diff-bc5842dc5d7897de7bdac08f74804c57 A bit differently: people just check for dpn->string being NULL. And there is another one NULL pointer fix, https://mandoc.bsd.lv/cgi-bin/cvsweb/tbl_term.c.diff?r1=3D1.70&r2=3D1.71 https://github.com/openbsd/src/commit/7514a273fe4561e94f1277f4ee5991c9af9= cba2e#diff-bc5842dc5d7897de7bdac08f74804c57 Can't trigger it with upstream's testcase, https://mandoc.bsd.lv/cgi-bin/cvsweb/regress/tbl/layout/shortlines.in?rev= =3D1.1&content-type=3Dtext/x-cvsweb-markup https://raw.githubusercontent.com/openbsd/src/7514a273fe4561e94f1277f4ee5= 991c9af9cba2e/regress/usr.bin/mandoc/tbl/layout/shortlines.in since current FreeBSD's mandoc lacks this modification, https://mandoc.bsd.lv/cgi-bin/cvsweb/tbl_term.c.diff?r1=3D1.68&r2=3D1.69 https://github.com/openbsd/src/commit/b3e6a3251dfa92e66aa539518119564bd19= 45cc0#diff-bc5842dc5d7897de7bdac08f74804c57 but I believe that 'cpp' still can be NULL and will try to see if it is triggerable. So, the patch that corresponds to the upstream change is attached. Nothing was released after 1.14.5 (yet). What will be the route? Will you - wait for the new release; - if yes, will you incorporate the testing part? - if no, I think you will use the closer-to-upstream patch? Thanks. --=20 Eygene Ryabinkin ,,,^..^,,, [ Life's unfair - but root password helps! | codelabs.ru ] [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ] --mg6b44fawrvf627e Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="mandoc-fix-empty-cdata-crash--upstream-ver.patch" Content-Transfer-Encoding: quoted-printable mandoc: fix built-in tbl(1) processing of empty continuation blocks Empty "T{ T}" (continuation) blocks produce NULL-valued string for their data block: getdata() allocates structure with string set to NULL and tbl_cdata() will just return when it sees the end ("T}") of the block without any further manipulations with dat->string. This is completely legal; moreover, tbl.h specifies that for 'struct tbl_dat' the 'string' member is NULL when entry type is not TBL_DATA_DATA. This is not so all the time, but one shouldn't rely on this. The segfault in question was plain NULL pointer dereference triggered from tbl_term.c::tbl_hrule(). Added check for dpn->string not being NULL to be in sync with upstream, https://mandoc.bsd.lv/cgi-bin/cvsweb/tbl_term.c.diff?r1=3D1.69&r2=3D1.70 Also added regression test to find such problems in the future. The real-world case when manpage was provoking core dump is notmuch-config.1 for mail/notmuch port: it is auto-generated =66rom reStructuredText, so has empty blocks at the places where it would be enough just to specify the empty value. Index: usr.bin/mandoc/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/Makefile (revision 349971) +++ usr.bin/mandoc/Makefile (working copy) @@ -101,4 +101,7 @@ CFLAGS.gcc+=3D -Wno-format LIBADD=3D openbsd z =20 +HAS_TESTS=3D +SUBDIR.${MK_TESTS}+=3D tests + .include <bsd.prog.mk> Index: usr.bin/mandoc/tests/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/tests/Makefile (nonexistent) +++ usr.bin/mandoc/tests/Makefile (working copy) @@ -0,0 +1,11 @@ +# $FreeBSD$ + +PACKAGE=3D tests + +${PACKAGE}FILES+=3D empty-table-cdata.1 + +ATF_TESTS_SH+=3D regression-tests + +BINDIR=3D ${TESTSDIR} + +.include <bsd.test.mk> Property changes on: usr.bin/mandoc/tests/Makefile ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=3D%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: usr.bin/mandoc/tests/Makefile.depend =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/tests/Makefile.depend (nonexistent) +++ usr.bin/mandoc/tests/Makefile.depend (working copy) @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS =3D \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} =3D=3D ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif Property changes on: usr.bin/mandoc/tests/Makefile.depend ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=3D%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: usr.bin/mandoc/tests/empty-table-cdata.1 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/tests/empty-table-cdata.1 (nonexistent) +++ usr.bin/mandoc/tests/empty-table-cdata.1 (working copy) @@ -0,0 +1,21 @@ +.\" $FreeBSD$ +. +.TH EMPTY-TABLE-CDATA 1 1970-01-01 +.SH Empty table cdata test for tbl processor +. +.PP +The following table should not make mandoc to dump core: +. +.TS +|l|l|. +_ +A test +_ +table T{ +T} +_ +.TE +. +.SH Author +.PP +Eygene Ryabinkin, <rea@FreeBSD.org>. Property changes on: usr.bin/mandoc/tests/empty-table-cdata.1 ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=3D%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: usr.bin/mandoc/tests/regression-tests.sh =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/tests/regression-tests.sh (nonexistent) +++ usr.bin/mandoc/tests/regression-tests.sh (working copy) @@ -0,0 +1,20 @@ +# $FreeBSD$ + + +SRCDIR=3D$(atf_get_srcdir) + + +atf_test_case empty_table_cdata +empty_table_cdata_head() { + atf_set "descr" "Normal processing of empty T{ T} blocks in tables" +} +empty_table_cdata_body() { + local mandoc=3D$(atf_config_get usr.bin.mandoc.test_mandoc /usr/bin/mando= c) + + atf_check -s exit: -o not-empty $mandoc "$SRCDIR"/empty-table-cdata.1 +} + + +atf_init_test_cases() { + atf_add_test_case empty_table_cdata +} Property changes on: usr.bin/mandoc/tests/regression-tests.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=3D%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: etc/mtree/BSD.tests.dist =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- etc/mtree/BSD.tests.dist (revision 349971) +++ etc/mtree/BSD.tests.dist (working copy) @@ -1004,6 +1004,8 @@ .. m4 .. + mandoc + .. mkimg .. ncal Index: contrib/mandoc/tbl_term.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- contrib/mandoc/tbl_term.c (revision 349971) +++ contrib/mandoc/tbl_term.c (working copy) @@ -626,7 +626,8 @@ =20 lw =3D cpp =3D=3D NULL || cpn =3D=3D NULL || (cpn->pos !=3D TBL_CELL_DOWN && - (dpn =3D=3D NULL || strcmp(dpn->string, "\\^") !=3D 0)) + (dpn =3D=3D NULL || dpn->string =3D=3D NULL || + strcmp(dpn->string, "\\^") !=3D 0)) ? hw : 0; tbl_direct_border(tp, BHORIZ * lw, col->width + col->spacing / 2); @@ -670,7 +671,8 @@ =20 rw =3D cpp =3D=3D NULL || cpn =3D=3D NULL || (cpn->pos !=3D TBL_CELL_DOWN && - (dpn =3D=3D NULL || strcmp(dpn->string, "\\^") !=3D 0)) + (dpn =3D=3D NULL || dpn->string =3D=3D NULL || + strcmp(dpn->string, "\\^") !=3D 0)) ? hw : 0; =20 /* The line crossing at the end of this column. */ --mg6b44fawrvf627e-- --nzno7o2fwb6xlvhr Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iNUEABEKAH0WIQSC/ga81JfA3knsT/AWr56ugVLs+wUCXS766V8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0ODJG RTA2QkNENDk3QzBERTQ5RUM0RkYwMTZBRjlFQUU4MTUyRUNGQgAKCRAWr56ugVLs +7DYAQCYSOj28O7ejYIzX24D9QCfdJ0TOT3TekFAvf7PO8Ji9AD+J55WeU82unCy hp721dQnO+v65hpTl08ug2NWSVMT3GY= =Dqau -----END PGP SIGNATURE----- --nzno7o2fwb6xlvhr--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190717103942.fkunwe3utxvmdc5n>