Re: bin/53634: mandoc dumps core building from linux

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,coypu%sdf.org@localhost
Subject: Re: bin/53634: mandoc dumps core building from linux
From: Valery Ushakov <uwe%stderr.spb.ru@localhost>
Date: Thu, 27 Sep 2018 23:00:02 +0000 (UTC)

The following reply was made to PR bin/53634; it has been noted by GNATS.

From: Valery Ushakov <uwe%stderr.spb.ru@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/53634: mandoc dumps core building from linux
Date: Fri, 28 Sep 2018 01:56:10 +0300

 On Thu, Sep 27, 2018 at 16:20:01 +0000, coypu%sdf.org@localhost wrote:
 
 > while building from linux, we dump core in libc man pages (getdirentries). I built with more debug info:
 > 
 > Core was generated by `/home/fly/obj/tooldir.Linux-4.15.0-34-generic-x86_64/bin/nbmandoc -Thtml -Oman='.
 > Program terminated with signal SIGSEGV, Segmentation fault.
 > #0  0x000056057b525561 in memcpy (__len=32, __src=0x7fff13df8850, __dest=0x7c841c40) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
 > 34	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
 > (gdb) bt
 > #0  0x000056057b525561 in memcpy (__len=32, __src=0x7fff13df8850, __dest=0x7c841c40) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
 > #1  mdoc_argv (mdoc=mdoc@entry=0x56057c82b9e0, line=line@entry=154, tok=tok@entry=MDOC_Bl, reta=reta@entry=0x7fff13df88f8, 
 >     pos=pos@entry=0x7fff13df896c, buf=buf@entry=0x56057c82bb30 ".Bl -tag")
 >     at /home/fly/src/tools/mandoc/../../external/bsd/mdocml/bin/mandoc/../../dist/mdoc_argv.c:367
 [...]
 
 The crash happens b/c the return value from reallocarray is truncated
 to 32-bit b/c the prototype is missing:
 
 #   compile  mandoc/mandoc_aux.lo
 cc -g  -DOSNAME=\"NetBSD\ 8.99\" -DHAVE_CONFIG_H -I. -D_OPENBSD_SOURCE -I/home/uwe/work/netbsd/build/tools/include/compat -I/home/uwe/work/netbsd/ro/src/tools/compat -DHAVE_NBTOOL_CONFIG_H=1 -D_FILE_OFFSET_BITS=64 -c -o mandoc_aux.lo.o    /home/uwe/work/netbsd/ro/src/tools/mandoc/../../external/bsd/mdocml/bin/mandoc/../../dist/mandoc_aux.c
 /home/uwe/work/netbsd/ro/src/tools/mandoc/../../external/bsd/mdocml/bin/mandoc/../../dist/mandoc_aux.c: In function 'mandoc_reallocarray':
 /home/uwe/work/netbsd/ro/src/tools/mandoc/../../external/bsd/mdocml/bin/mandoc/../../dist/mandoc_aux.c:83:8: warning: implicit declaration of function 'reallocarray'; did you mean 'recallocarray'? [-Wimplicit-function-declaration]
   ptr = reallocarray(ptr, num, size);
         ^~~~~~~~~~~~
         recallocarray
 /home/uwe/work/netbsd/ro/src/tools/mandoc/../../external/bsd/mdocml/bin/mandoc/../../dist/mandoc_aux.c:83:6: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
   ptr = reallocarray(ptr, num, size);
       ^
 
 
 The prototype is missing b/c the code assumes that including
 <stdlib.h> is enough, but glibc hides reallocarray under __USE_GNU.
 
 test-reallocarray.c doesn't detect this.  It also gets the warning
 when it's compiled, but that's ignored.  The program links ok, since
 the symbol is present, so it assumes reallocarray is available.
 
 Forcing the test to fail by adding #error to test-reallocarray.c makes
 mandoc happy.
 
 -uwe

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: Re: bin/53634: mandoc dumps core building from linux
Previous by Thread: bin/53634: mandoc dumps core building from linux
Next by Thread: Re: bin/53634: mandoc dumps core building from linux
Indexes:

Home | Main Index | Thread Index | Old Index