diff options
author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2016-08-30 21:59:00 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2016-08-30 21:59:00 +0000 |
commit | 69d1f3ce4ed01b31e0a825c23e7375d21a4b31ae (patch) | |
tree | 026d458b2fd3b9b1cad984247c8ed68fcbd59e46 | |
parent | efeeff74d09032b7affa7b2983893cb44e773667 (diff) |
When the database is corrupt in the sense of containing invalid
pointers in the pages table, do not access NULL pointers, but
gracefully handle the errors.
Similar patches will be needed for the macro tables, too.
<attila at stalphonsos dot com> audited the code and pointed out to me
that dbm_get() can return NULL for corrupted databases, but that isn't
handled properly at various places.
-rw-r--r-- | usr.bin/mandoc/dbm.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/usr.bin/mandoc/dbm.c b/usr.bin/mandoc/dbm.c index 3334a2ce366..e4c707bcacc 100644 --- a/usr.bin/mandoc/dbm.c +++ b/usr.bin/mandoc/dbm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dbm.c,v 1.1 2016/08/01 10:32:39 schwarze Exp $ */ +/* $OpenBSD: dbm.c,v 1.2 2016/08/30 21:58:59 schwarze Exp $ */ /* * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org> * @@ -140,10 +140,18 @@ dbm_page_get(int32_t ip) assert(ip >= 0); assert(ip < npages); res.name = dbm_get(pages[ip].name); + if (res.name == NULL) + res.name = "(NULL)"; res.sect = dbm_get(pages[ip].sect); + if (res.sect == NULL) + res.sect = "(NULL)"; res.arch = pages[ip].arch ? dbm_get(pages[ip].arch) : NULL; res.desc = dbm_get(pages[ip].desc); + if (res.desc == NULL) + res.desc = "(NULL)"; res.file = dbm_get(pages[ip].file); + if (res.file == NULL) + res.file = " (NULL)"; res.addr = dbm_addr(pages + ip); return &res; } @@ -240,7 +248,13 @@ page_bytitle(enum iter arg_iter, const struct dbm_match *arg_match) default: abort(); } - ip = 0; + if (cp == NULL) { + iteration = ITER_NONE; + match = NULL; + cp = NULL; + ip = npages; + } else + ip = 0; return res; } |