diff options
author | Ingo Schwarze <schwarze@openbsd.org> | 2016-08-30 22:01:07 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2016-08-30 22:01:07 +0000 |
commit | 70cd74c5eec8e10211a001af63101b6ee56d0f9f (patch) | |
tree | a2b4f755967d0329953ed92f5f2f4fb86928f13b | |
parent | 0e0452344b24af80d11d23280318f0886f06af54 (diff) | |
download | mandoc-70cd74c5eec8e10211a001af63101b6ee56d0f9f.tar.gz |
When the database is corrupt in the sense of containing invalid
pointers in the pages table, do not access NULL pointers, but
gracefully handle the errors.
Similar patches will be needed for the macro tables, too.
<attila at stalphonsos dot com> audited the code and pointed out to me
that dbm_get() can return NULL for corrupted databases, but that isn't
handled properly at various places.
-rw-r--r-- | dbm.c | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -150,10 +150,18 @@ dbm_page_get(int32_t ip) assert(ip >= 0); assert(ip < npages); res.name = dbm_get(pages[ip].name); + if (res.name == NULL) + res.name = "(NULL)"; res.sect = dbm_get(pages[ip].sect); + if (res.sect == NULL) + res.sect = "(NULL)"; res.arch = pages[ip].arch ? dbm_get(pages[ip].arch) : NULL; res.desc = dbm_get(pages[ip].desc); + if (res.desc == NULL) + res.desc = "(NULL)"; res.file = dbm_get(pages[ip].file); + if (res.file == NULL) + res.file = " (NULL)"; res.addr = dbm_addr(pages + ip); return &res; } @@ -250,7 +258,13 @@ page_bytitle(enum iter arg_iter, const struct dbm_match *arg_match) default: abort(); } - ip = 0; + if (cp == NULL) { + iteration = ITER_NONE; + match = NULL; + cp = NULL; + ip = npages; + } else + ip = 0; return res; } |