Today's run of the /etc/weekly script reported a segmentation fault of
makewhatis(8) (compiled from the latest version).

This can be reproduced by issuing
# makewhatis
or, more easily, by
$ mandoc /usr/X11R6/man/man3/glPixelMap.3

The reason for this seems to be a mistake in the equation parsing code.

The line causing the segfault is in /usr/X11R6/man/man3/glPixelMap.3, line 168:

center tab(:) delim($$) ;

which appears in various other glPixel*.3 manuals as well.  Moving those
manuals away allows makewhatis(8) to complete successfully.  Also, changing
this manual line into ``center tab(:) ;'' makes the segfault go away.

The segfault doesn't occur when reverting eqn.c to revision 1.16.


Here's a backtrace of makewhatis's segfault:

$ gdb obj/makewhatis makewhatis.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd5.6"...
Core was generated by `makewhatis'.
Program terminated with signal 11, Segmentation fault.
Loaded symbols for /usr/obj/usr.bin/mandoc/makewhatis
Reading symbols from /usr/lib/libsqlite3.so.28.0...done.
Loaded symbols for /usr/lib/libsqlite3.so.28.0
Reading symbols from /usr/lib/libutil.so.12.1...done.
Loaded symbols for /usr/lib/libutil.so.12.1
Reading symbols from /usr/lib/libc.so.77.2...done.
Loaded symbols for /usr/lib/libc.so.77.2
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  eqn_tok_parse (ep=0x1539468feb80, p=0x7f7ffffefca8) at /usr/src/usr.bin/mandoc/eqn.c:493
493             quoted = ep->data[ep->cur] == '"';
(gdb) bt
#0  eqn_tok_parse (ep=0x1539468feb80, p=0x7f7ffffefca8) at /usr/src/usr.bin/mandoc/eqn.c:493
#1  0x0000153678d19f2d in eqn_end (epp=Variable "epp" is not available.
) at /usr/src/usr.bin/mandoc/eqn.c:702
#2  0x0000153678d1ae8d in eqn_read (epp=Variable "epp" is not available.
) at /usr/src/usr.bin/mandoc/eqn.c:285
#3  0x0000153678d1786f in roff_parseln (r=0x15389d817d00, ln=168, bufp=0x7f7ffffefed0,
    szp=0x7f7ffffefed8, pos=1, offs=0x7f7ffffefee4) at /usr/src/usr.bin/mandoc/roff.c:768
#4  0x0000153678d142ba in mparse_buf_r (curp=0x1538b82eca00, blk=
      {buf = 0x15393519deb0 ".EN\n\\&) ;", sz = 10}, start=0) at /usr/src/usr.bin/mandoc/read.c:478
#5  0x0000153678d145c5 in mparse_buf_r (curp=0x1538b82eca00, blk=
      {buf = 0x15393bf6e380 "center tab(:) delim(\\&\n.EQ\n$) ;", sz = 32}, start=0)
    at /usr/src/usr.bin/mandoc/read.c:484
#6  0x0000153678d145c5 in mparse_buf_r (curp=0x1538b82eca00, blk=
      {buf = 0x153969bb1000 <Address 0x153969bb1000 out of bounds>, sz = 7390}, start=1)
    at /usr/src/usr.bin/mandoc/read.c:484
#7  0x0000153678d13eb5 in mparse_readfd (curp=0x1538b82eca00, fd=5,
    file=0x15394371f000 "man3/glPixelMap.3") at /usr/src/usr.bin/mandoc/read.c:730
#8  0x0000153678d4218e in mpages_merge (mc=0x153915bbbdc0, mp=0x1538b82eca00)
    at /usr/src/usr.bin/mandoc/mandocdb.c:1119
#9  0x0000153678d42f0a in mandocdb (argc=0, argv=0x7f7fffff16a0)
    at /usr/src/usr.bin/mandoc/mandocdb.c:503
#10 0x0000153678d28be0 in main (argc=0, argv=0x6f00000000) at /usr/src/usr.bin/mandoc/main.c:124
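Frame #0 stops on the read of ep->data[ep->cur] in eqn_tok_parse, reached from an equation block that frame #5 shows was synthesized out of the tbl option line (the "delim($$)" became an empty ".EQ ... $" block). The report does not establish the root cause, so the following is only an added illustration, not mandoc's code and not the actual fix: a minimal token reader over a hypothetical struct eqn_buf (data, size, cursor) that guards every access with cur < sz, so an empty or fully consumed equation block yields "no token" instead of reading beyond the buffer. The struct, the function names and the sample inputs are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical stand-in for an eqn parser's state: the text of one
 * equation block plus a read cursor into it (not mandoc's real struct). */
struct eqn_buf {
    const char *data;
    size_t      sz;
    size_t      cur;
};

static int is_space(char c)
{
    return c == ' ' || c == '\t' || c == '\n';
}

/* Copy the next token at ep->cur into out (NUL-terminated, at most
 * outsz-1 bytes).  Returns 1 when a token was read, 0 at end of input.
 * Every read of ep->data is preceded by an ep->cur < ep->sz check, so an
 * empty block (sz == 0, data possibly NULL) is handled without touching
 * memory.  A quote that is never closed simply ends at end of input. */
int eqn_tok_next(struct eqn_buf *ep, char *out, size_t outsz)
{
    size_t n = 0;
    int quoted;

    if (outsz == 0)
        return 0;
    out[0] = '\0';

    /* skip leading whitespace, stopping at end of input */
    while (ep->cur < ep->sz && is_space(ep->data[ep->cur]))
        ep->cur++;
    if (ep->cur >= ep->sz)
        return 0;                    /* nothing left: no out-of-bounds read */

    quoted = ep->data[ep->cur] == '"';
    if (quoted)
        ep->cur++;

    while (ep->cur < ep->sz) {
        char c = ep->data[ep->cur];
        if (quoted ? (c == '"') : is_space(c))
            break;
        if (n + 1 < outsz)           /* truncate rather than overflow out */
            out[n++] = c;
        ep->cur++;
    }
    out[n] = '\0';

    /* consume the closing quote only if it is actually there */
    if (quoted && ep->cur < ep->sz)
        ep->cur++;
    return 1;
}

/* Count the tokens in a NUL-terminated equation text. */
size_t eqn_count_tokens(const char *text)
{
    struct eqn_buf ep = { text, strlen(text), 0 };
    char tok[64];
    size_t count = 0;

    while (eqn_tok_next(&ep, tok, sizeof tok))
        count++;
    return count;
}

int main(void)
{
    /* constructed samples: an empty block like the one in the backtrace,
     * a normal equation, and an unterminated quoted token */
    const char *samples[] = { "", "a over \"b c\" d", "x \"unterminated" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%zu tokens in \"%s\"\n", eqn_count_tokens(samples[i]), samples[i]);
    return 0;
}
```

The empty-block case is the one worth keeping in a regression test: a tokenizer that only checks bounds inside its loop, but not before its first character read, passes every non-empty input and fails exactly on the synthesized empty equation.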
