From: Eygene Ryabinkin
To: freebsd-current@FreeBSD.org, bapt@FreeBSD.org
Date: Tue, 16 Jul 2019 22:31:24 +0300
Subject: [CFT][patch] mandoc: don't segfault on empty tbl(1) continuation blocks
Message-ID: <20190716193124.yrrntrtah22aky5n@phoenix.codelabs.ru>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="gz7utc52kvukndjs"
Content-Disposition: inline
Sender: rea@codelabs.ru
List-Id: Discussions about the use of FreeBSD-current

--gz7utc52kvukndjs
Content-Type: multipart/mixed; boundary="cds6ufi5oa7zoiin"
Content-Disposition: inline

--cds6ufi5oa7zoiin
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Good day.

Attached is the patch that makes built-in tbl(1) processor in mandoc to avoid dumping core when it renders the table with empty "T{ T}" block and horizontally-ruled table.

The simplest way to reproduce the issue is to either
 - run 'man notmuch-config' with mail/notmuch installed;
 - run 'mandoc tests/empty-table-cdata.1' against the attached test-only manpage.

With the patch applied, one can utilize 'make check': regression test was added. Perhaps an invocation of
{{{
mtree -deU -f /usr/src/etc/mtree/BSD.tests.dist -p /usr/tests
}}}
will be needed to run 'make check' without remaking/installing the world.

The patch is for the fresh -CURRENT. Be interested in any results of its application and usage.

Thanks!

P.S.: please, CC me: I am not subscribed to the list.
-- 
Eygene Ryabinkin ,,,^..^,,,
[ Life's unfair - but root password helps! | codelabs.ru ]
[ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]

--cds6ufi5oa7zoiin
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="mandoc-fix-empty-cdata-crash.patch"
Content-Transfer-Encoding: quoted-printable

mandoc: fix built-in tbl(1) processing of empty continuation blocks

Empty "T{ T}" (continuation) blocks produce NULL-valued string for their data block: getdata() allocates structure with string set to NULL and tbl_cdata() will just return when it sees the end ("T}") of the block without any further manipulations with dat->string.

This is completely legal; moreover, tbl.h specifies that for 'struct tbl_dat' the 'string' member is NULL when entry type is not TBL_DATA_DATA. This is not so all the time, but one shouldn't rely on this.

The segfault in question was plain NULL pointer dereference triggered from tbl_term.c::tbl_hrule(). Added check for dpn->pos not being TBL_DATA_DATA.

Also added regression test to find such problems in the future.

The real-world case when manpage was provoking core dump is notmuch-config.1 for mail/notmuch port: it is auto-generated from reStructuredText, so has empty blocks at the places where it would be enough just to specify the empty value.

Index: usr.bin/mandoc/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/Makefile (revision 349971) +++ usr.bin/mandoc/Makefile (working copy) @@ -101,4 +101,7 @@ CFLAGS.gcc+=3D -Wno-format LIBADD=3D openbsd z =20 +HAS_TESTS=3D +SUBDIR.${MK_TESTS}+=3D tests + .include Index: usr.bin/mandoc/tests/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/tests/Makefile (nonexistent) +++ usr.bin/mandoc/tests/Makefile (working copy) @@ -0,0 +1,11 @@ +# $FreeBSD$ + +PACKAGE=3D tests + +${PACKAGE}FILES+=3D empty-table-cdata.1 + +ATF_TESTS_SH+=3D regression-tests + +BINDIR=3D ${TESTSDIR} + +.include Property changes on: usr.bin/mandoc/tests/Makefile ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=3D%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: usr.bin/mandoc/tests/Makefile.depend =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/tests/Makefile.depend (nonexistent) +++ usr.bin/mandoc/tests/Makefile.depend (working copy) 
@@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS =3D \ + + +.include + +.if ${DEP_RELDIR} =3D=3D ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif Property changes on: usr.bin/mandoc/tests/Makefile.depend ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=3D%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: usr.bin/mandoc/tests/empty-table-cdata.1 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/tests/empty-table-cdata.1 (nonexistent) +++ usr.bin/mandoc/tests/empty-table-cdata.1 (working copy) @@ -0,0 +1,21 @@ +.\" $FreeBSD$ +. +.TH EMPTY-TABLE-CDATA 1 1970-01-01 +.SH Empty table cdata test for tbl processor +. +.PP +The following table should not make mandoc to dump core: +. +.TS +|l|l|. +_ +A test +_ +table T{ +T} +_ +.TE +. +.SH Author +.PP +Eygene Ryabinkin, . Property changes on: usr.bin/mandoc/tests/empty-table-cdata.1 ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=3D%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: usr.bin/mandoc/tests/regression-tests.sh =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- usr.bin/mandoc/tests/regression-tests.sh (nonexistent) +++ usr.bin/mandoc/tests/regression-tests.sh (working copy) 
@@ -0,0 +1,20 @@ +# $FreeBSD$ + + +SRCDIR=3D$(atf_get_srcdir) + + +atf_test_case empty_table_cdata +empty_table_cdata_head() { + atf_set "descr" "Normal processing of empty T{ T} blocks in tables" +} +empty_table_cdata_body() { + local mandoc=3D$(atf_config_get usr.bin.mandoc.test_mandoc /usr/bin/mando= c) + + atf_check -s exit: -o not-empty $mandoc "$SRCDIR"/empty-table-cdata.1 +} + + +atf_init_test_cases() { + atf_add_test_case empty_table_cdata +} Property changes on: usr.bin/mandoc/tests/regression-tests.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=3D%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: etc/mtree/BSD.tests.dist =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- etc/mtree/BSD.tests.dist (revision 349971) +++ etc/mtree/BSD.tests.dist (working copy) @@ -1004,6 +1004,8 @@ .. m4 .. + mandoc + .. mkimg .. ncal Index: contrib/mandoc/tbl_term.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- contrib/mandoc/tbl_term.c (revision 349971) +++ contrib/mandoc/tbl_term.c (working copy) @@ -626,7 +626,8 @@ =20 lw =3D cpp =3D=3D NULL || cpn =3D=3D NULL || (cpn->pos !=3D TBL_CELL_DOWN && - (dpn =3D=3D NULL || strcmp(dpn->string, "\\^") !=3D 0)) + (dpn =3D=3D NULL || dpn->pos !=3D TBL_DATA_DATA || + strcmp(dpn->string, "\\^") !=3D 0)) ? hw : 0; tbl_direct_border(tp, BHORIZ * lw, col->width + col->spacing / 2); 
@@ -670,7 +671,8 @@ =20 rw =3D cpp =3D=3D NULL || cpn =3D=3D NULL || (cpn->pos !=3D TBL_CELL_DOWN && - (dpn =3D=3D NULL || strcmp(dpn->string, "\\^") !=3D 0)) + (dpn =3D=3D NULL || dpn->pos !=3D TBL_DATA_DATA || + strcmp(dpn->string, "\\^") !=3D 0)) ? hw : 0; =20 /* The line crossing at the end of this column. */

--cds6ufi5oa7zoiin
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="empty-table-cdata.1"

.\" $FreeBSD$
.
.TH EMPTY-TABLE-CDATA 1 1970-01-01
.SH Empty table cdata test for tbl processor
.
.PP
The following table should not make mandoc to dump core:
.
.TS
|l|l|.
_
A test
_
table T{
T}
_
.TE
.
.SH Author
.PP
Eygene Ryabinkin, .

--cds6ufi5oa7zoiin--

--gz7utc52kvukndjs
Content-Type: application/pgp-signature; name="signature.asc"

--gz7utc52kvukndjs--
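
Review bot: the table added in usr.bin/mandoc/tests/empty-table-cdata.1 places the empty "T{ T}" block only in the last column of one row, so the regression test covers a single layout. The tbl_term.c part of this patch changes two separate expressions (lw and rw); add a second row or table with the empty block in the first column so the test does not depend on one column position.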
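
Review bot: in empty_table_cdata_body() of usr.bin/mandoc/tests/regression-tests.sh, the status spec in the atf_check line reads "-s exit:" with no exit code after the colon as shown; write "-s exit:0" so the expected status is explicit. The $mandoc expansion is also unquoted, and because its default is /usr/bin/mandoc the test checks the installed binary, so running it before the patched mandoc is installed exercises the old code.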
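
Review bot: in the lw expression of contrib/mandoc/tbl_term.c (hunk at -626), the new guard tests dpn->pos while the pointer handed to strcmp() is dpn->string. The commit message itself says the documented link between the entry type and a NULL string is "not so all the time", and nothing in the visible lines establishes that pos == TBL_DATA_DATA implies a non-NULL string. Testing dpn->string == NULL directly, alone or in addition to the pos check, protects the strcmp() call whatever pos holds.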
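
Review bot: the rw expression in the hunk at -670 of contrib/mandoc/tbl_term.c repeats the condition patched at -626 token for token, and the same fix had to be applied twice. Move the test on dpn into one small static helper and call it from both places, with a comment stating when dpn->string may be NULL, so a later change to the check cannot land in one copy only.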