Re: groff: grops and grodvi crash on invalid input
From: G. Branden Robinson
Subject: Re: groff: grops and grodvi crash on invalid input
Date: Sun, 22 Nov 2020 22:42:51 +1100
User-agent: NeoMutt/20180716
package groff-base
tag 421437 + upstream fixed-upstream
thanks
I can verify that, as I suspected (I mention that only because my
suspicions are so often incorrect), both instances arose from the same
bug, fixed in groff upstream last year and expected in the 1.23.0
release.
Details:
$ grodvi ./crash-grodvi.txt
grodvi:./crash-grodvi.txt:30: missing argument
grodvi:./crash-grodvi.txt:30: missing argument to 'c' command
grodvi:./crash-grodvi.txt:31: font 'TR' does not contain ascii character '\'
Segmentation fault (core dumped)
$ gdb $(which grodvi) ./core
GNU gdb (Debian 8.2.1-2+b3) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/grodvi...Reading symbols from
/usr/lib/debug/.build-id/4b/02d06b7ebb1cdad715cddb0f3735235ca3a7a3.debug...done.
done.
[New LWP 23670]
Core was generated by `grodvi ./crash-grodvi.txt'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00005634b3ed5baa in font::get_code (this=0x5634b3f65580, g=0x0) at
../../src/libs/libgroff/font.cpp:547
547 ../../src/libs/libgroff/font.cpp: No such file or directory.
##(gdb) cd groff-1.22.4/debian/build
Working directory /tmp/branden/groff-1.22.4/debian/build.
##(gdb) list
542 abort();
543 }
544
545 int font::get_code(glyph *g)
546 {
547 int idx = glyph_to_index(g);
548 assert(idx >= 0);
549 if (idx < nindices && ch_index[idx] >= 0) {
550 // Explicitly enumerated glyph
551 return ch[ch_index[idx]].code;
##(gdb) up
#1 0x00005634b3ecf8d2 in dvi_printer::set_char (this=0x5634b3f664b0, g=0x0,
f=0x5634b3f65580, env=0x5634b3f5bb70, w=0)
at ../../src/devices/grodvi/dvi.cpp:346
346 int code = f->get_code(g);
##(gdb) list
341 void dvi_printer::set_char(glyph *g, font *f, const environment *env,
342 int w, const char *)
343 {
344 if (*env->col != cur_color)
345 set_color(env->col);
346 int code = f->get_code(g);
347 if (env->size != cur_point_size || f != cur_font) {
348 cur_font = f;
349 cur_point_size = env->size;
350 int i;
##(gdb) up
#2 0x00005634b3ed381c in printer::set_ascii_char (this=0x5634b3f664b0,
c=<optimized out>, env=0x5634b3f5bb70, widthp=widthp@entry=0x0)
at ../../src/libs/libdriver/printer.cpp:181
181 set_char(g, f, env, w, 0);
##(gdb) list
176
177 buf[0] = c;
178 buf[1] = '\0';
179
180 glyph *g = set_char_and_width(buf, env, &w, &f);
181 set_char(g, f, env, w, 0);
182 if (widthp) {
183 *widthp = w;
184 }
185 }
commit 5d0990500c2d16ed1025f1f0738cb419800652fe
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
Date: Thu Jun 27 04:42:51 2019 +1000
libdriver: Fix SEGV (Savannah #56555).
Check result of set_char_and_width() for error condition before relying
on it.
diff --git a/ChangeLog b/ChangeLog
index 61e20b05..8e7973b6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2019-06-27 G. Branden Robinson <g.branden.robinson@gmail.com>
+
+ libdriver: Fix SEGV (Savannah #56555).
+
+ * src/libs/libdriver/printer.cpp: Check result of
+ set_char_and_width() for error condition before relying on it.
+
2019-06-27 G. Branden Robinson <g.branden.robinson@gmail.com>
groff: Add regression test for Savannah #56555.
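Review bot: The new ChangeLog entry names the file but not the function that changes. The other hunk in this patch lands in printer::set_ascii_char, so writing the entry as "* src/libs/libdriver/printer.cpp (printer::set_ascii_char): Check result of set_char_and_width() ..." would let a reader searching the ChangeLog for that function find the fix.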
diff --git a/src/libs/libdriver/printer.cpp b/src/libs/libdriver/printer.cpp
index f20e4b0a..773d438b 100644
--- a/src/libs/libdriver/printer.cpp
+++ b/src/libs/libdriver/printer.cpp
@@ -178,9 +178,11 @@ void printer::set_ascii_char(unsigned char c, const
environment *env,
buf[1] = '\0';
glyph *g = set_char_and_width(buf, env, &w, &f);
- set_char(g, f, env, w, 0);
- if (widthp) {
- *widthp = w;
+
+ if (g != UNDEFINED_GLYPH ) {
+ set_char(g, f, env, w, 0);
+ if (widthp)
+ *widthp = w;
}
}
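Review bot: On the new error path in set_ascii_char, when g == UNDEFINED_GLYPH, *widthp is no longer written, because the "if (widthp)" assignment moved inside the guard along with the set_char() call. Before this change a caller passing a non-null widthp always received w; now it keeps whatever value it held before the call. If that is intended, a short comment saying so would help; otherwise add an else branch that stores a defined width (for example 0) so callers never read a stale value. Minor style point: there is a stray space before the closing parenthesis in "if (g != UNDEFINED_GLYPH ) {".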