[bug #65427] troff segfaults when output file flush fails

anonymous Wed, 06 Mar 2024 14:34:20 -0800

URL:
  <https://savannah.gnu.org/bugs/?65427>


                 Summary: troff segfaults when output file flush fails
                   Group: GNU roff
               Submitter: None
               Submitted: Wed 06 Mar 2024 10:34:05 PM UTC
                Category: Core
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Wed 06 Mar 2024 10:34:05 PM UTC By: Anonymous
Due to a problem in AppArmour policy in Ubuntu, the flush on output file may
fail, see:

https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/2055402

While the root cause may be fixed by changing the security policy, the
application should still not segfault in this case.

The reason for this segfault is that real_output_file::flush() will set fp=0
before calling fatal(). This will end up calling cleanup_and_exit() which
calls troff_output_file::trailer via the_output->trailer().

troff_output_file::trailer() calls put() which ends up passing NULL pointer to
putc(), which causes the segfault.







    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?65427>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

[bug #65427] troff segfaults when output file flush fails

Reply via email to