From e252f3d93711cba459ff82f84837c2502cffb2a0 Mon Sep 17 00:00:00 2001 From: schwarze Date: Tue, 30 Aug 2016 21:58:59 +0000 Subject: [PATCH] When the database is corrupt in the sense of containing invalid pointers in the pages table, do not access NULL pointers, but gracefully handle the errors. Similar patches will be needed for the macro tables, too. audited the code and pointed out to me that dbm_get() can return NULL for corrupted databases, but that isn't handled properly at various places. --- usr.bin/mandoc/dbm.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/usr.bin/mandoc/dbm.c b/usr.bin/mandoc/dbm.c
index 3334a2ce366..e4c707bcacc 100644
--- a/usr.bin/mandoc/dbm.c
+++ b/usr.bin/mandoc/dbm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dbm.c,v 1.1 2016/08/01 10:32:39 schwarze Exp $ */
+/* $OpenBSD: dbm.c,v 1.2 2016/08/30 21:58:59 schwarze Exp $ */
 /*
 * Copyright (c) 2016 Ingo Schwarze
 *
@@ -140,10 +140,18 @@ dbm_page_get(int32_t ip)
 assert(ip >= 0);
 assert(ip < npages);
 res.name = dbm_get(pages[ip].name);
+ if (res.name == NULL)
+ res.name = "(NULL)";
 res.sect = dbm_get(pages[ip].sect);
+ if (res.sect == NULL)
+ res.sect = "(NULL)";
 res.arch = pages[ip].arch ? dbm_get(pages[ip].arch) : NULL;
 res.desc = dbm_get(pages[ip].desc);
+ if (res.desc == NULL)
+ res.desc = "(NULL)";
 res.file = dbm_get(pages[ip].file);
+ if (res.file == NULL)
+ res.file = " (NULL)";
 res.addr = dbm_addr(pages + ip);
 return &res;
 }
@@ -240,7 +248,13 @@ page_bytitle(enum iter arg_iter, const struct dbm_match *arg_match)
 default:
 abort();
 }
- ip = 0;
+ if (cp == NULL) {
+ iteration = ITER_NONE;
+ match = NULL;
+ cp = NULL;
+ ip = npages;
+ } else
+ ip = 0;
 return res;
 }
-- 2.20.1
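Review bot: The placeholder literals assigned when dbm_get() returns NULL carry a single terminating NUL, which is only safe if every consumer reads `res.name`, `res.sect` and `res.file` as one plain C string; if any caller walks these fields as a run of NUL-separated entries ending at an empty string (not visible in this hunk, so confirm against the callers), the walk would read past the end of the literal. In that case the fallbacks need an explicit second terminator, e.g. `res.name = "(NULL)\0";`. The leading space in `res.file = " (NULL)";` differs from the other three and reads like a typo; if the first byte is meant to stand in for a per-file prefix byte, a comment such as `/* first byte is a placeholder, not part of the name */` would say so. `res.arch` still becomes NULL on a bad pointer, so a corrupt entry is indistinguishable from one with no architecture, and a short comment stating that this is intended would help. The function's opening lines, including the declaration of `res`, are outside the hunk.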
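Review bot: The new `if (cp == NULL)` branch ends the iteration without any diagnostic, so a database with a bad pages-table pointer looks exactly like one with no matching titles; a one-line warning through whatever reporting routine the file already uses (none is visible in the hunk) would let the corruption be noticed rather than silently producing empty results. Inside the branch `cp = NULL;` is redundant, since the condition has just established it. The braced `if` paired with an unbraced `else ip = 0;` would be easier to read and safer to extend as `} else {` / `ip = 0;` / `}`. The assignment to `cp` happens in the switch above the hunk, so only that first lookup is guarded here; if page_bytitle re-fetches `cp` on later calls, those sites need the same check.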