Bug 45744
| Summary: | /usr/bin/makeinfo sometimes segfaults | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Base System | Reporter: | Ronald F. Guilmette <rfg> | ||||
| Component: | gnu | Assignee: | ru <ru> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | ||||||
| Priority: | Normal | ||||||
| Version: | 4.7-RELEASE | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
It would appear that the GNU Project's maintainer of the GNU texinfo package (which includes the `makeinfo' utility) concurs with my opinion that `makeinfo' contained a bug that could cause segfaults. It would also appear that he concurs with the patch for `makeinfo' that I sent him. ------- Forwarded Message Return-Path: karl@freefriends.org Delivery-Date: Tue Nov 26 15:16:30 2002 Return-Path: <karl@freefriends.org> Delivered-To: rfg@monkeys.com Received: from f7.net (consort.superb.net [209.61.216.22]) by segfault.monkeys.com (Postfix) with ESMTP id AB1B24225E for <rfg@monkeys.com>; Tue, 26 Nov 2002 15:16:28 -0800 (PST) Received: (from karl@localhost) by f7.net (8.11.6/8.11.6) id gAQNGRb05480; Tue, 26 Nov 2002 18:16:27 -0500 Date: Tue, 26 Nov 2002 18:16:27 -0500 Message-Id: <200211262316.gAQNGRb05480@f7.net> From: karl@freefriends.org (Karl Berry) To: rfg@monkeys.com Cc: bug-texinfo@gnu.org Subject: Re: Segfault in makeinfo in GNU texinfo-4.3 package (fix included) I have been experiencing segmentation faults in makeinfo for quite a long time now... over a year. Please see: http://www.freebsd.org/cgi/query-pr.cgi?pr=45598 Ah. Sorry, I wasn't aware of this. Obviously, it *is* possible for name_index_alist[i] to have a NULL value, Indeed. I moved the undefindex call after the conditional just as you suggested. Thanks much for the report and fix! ~karl ------- End of Forwarded Message Responsible Changed From-To: freebsd-bugs->ru Assign to texinfo maintainer State Changed From-To: open->closed This has been fixed in GNU texinfo 4.6. |
(NOTE: This bug has also/already been reported to the GNU Project's maintainer of the GNU texinfo package.) I have been experiencing segmentation faults in makeinfo for quite a long time now... over a year. Please see: http://www.freebsd.org/cgi/query-pr.cgi?pr=45598 for more info. Anyway, I finally got off my ass and tracked down the root cause of these crashes. Quite simply, there are cases where the code on line 337 of the makinfo index.c file, i.e.: undefindex (name_index_alist[i]->name); gets executed when name_index_alist[i] has a NULL value. And dereferencing a NULL is a very Bad Idea. (Doing so causes segfaults. Oh yea.) You can tell that the code fully _expects_ that name_index_alist[i] will have a NULL value, in some cases, at this point in the code, just by looking at the next following code line, which reads: if (name_index_alist[i]) Obviously, it *is* possible for name_index_alist[i] to have a NULL value, right around this point in the code, and indeed, that condition is even expected. The problem is that we are dereferencing that value (on line 337) before we have checked to see if the value is NULL or not. (If it is NULL, then we definitely DO NOT want to perform the deference.) A suitable (and trivial, and obvious) patch for this error is provided below. All that is needed is to move the dereferencing statement to a point _after_ we have checked if the value of if name_index_alist[i] is NULL or not. (The patch below should be suitable for use against both the current GNU version of the texinfo package, i.e. 4.3, and also the 4.2 version, as was used in the FreeBSD 4.7-RELEASE distribution.) How-To-Repeat: Please see: http://www.freebsd.org/cgi/query-pr.cgi?pr=45598 This bug can be trivially reproduced by simply attempting to build /usr/ports/devel/autoconf213 and/or /usr/ports/mail/nmh, which it turn triggers a build of /usr/ports/devel/autoconf213.