Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package man2html/1.6g-9

It fixes a bug in the parsing of tbl tables that causes man2html to generate
such huge output when called on the printf(1posix) man page that it appears
to hang in an endless loop. The bug was reported to Ubuntu, see
https://bugs.launchpad.net/ubuntu/+source/man2html/+bug/1666067 .

I discovered that the main cause of the issue lies in the following code 
that parses tbl headers:

   while (*c && *c!='.') {
     switch (*c) {
     // stripped 
      case 'f': case 'F':
            c++;
            curfield->font = toupper(*c);
            c++;
            if (!isspace(*c)) c++;
            break;
     // stripped

The last two increments of the `c' variable ignore the fact that the
variable can be equal to '.', which should cause the loop to break.
The '.' character means the end of the tbl header, but because of the
bug man2html didn't notice that the header ended; it interpreted numbers
like 99999999 that existed in the tbl body as widths of the table's
columns and then tried to apply such huge widths by displaying `&nbsp;'
strings...

To fix the issue I made the increments conditional by adding 
"if (*c != '.')" checks. (When I think about it now, I realize 
that I should have checked for *c != '\0' as well just in case).

I also ran the old and new versions of man2html on all manpages installed on
my system, and it looks like the bug impacted a few more pages (but
without making man2html appear to hang on them) from the manpages-posix
package (namely {awk,ed,expr,gencat,lex,uuencode}(1posix), and additionally
ethtool(8)), so its impact is not really big, but on the other hand
the fix is really small, which is why I'd like to ask you to consider
unblocking the package.

Thanks,
robert

diff -Nru man2html-1.6g/debian/changelog man2html-1.6g/debian/changelog
--- man2html-1.6g/debian/changelog      2015-10-26 00:58:23.000000000 +0100
+++ man2html-1.6g/debian/changelog      2017-04-19 22:54:48.000000000 +0200
@@ -1,3 +1,15 @@
+man2html (1.6g-9) unstable; urgency=medium
+
+  * Add 036-fix-tbl-font-parsing.patch not to ignore the tbl header end
+    while parsing tbl font specifiers what caused man2html to hang on
+    printf(1posix) man page (LP: #1666067)
+  * man2html.cgi.c: fix a small typo found by lintian.
+  * debian/copyright:
+    + add Vcs-Git and Vcs-Browser fields;
+    + bump Standards-Version to 3.9.8 (no changes).
+
+ -- Robert Luberda <rob...@debian.org>  Wed, 19 Apr 2017 22:54:48 +0200
+
 man2html (1.6g-8) unstable; urgency=medium
 
   * Add 035-source-date-epoch.patch to produce reproducible timestamps in
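Review bot: the third bullet of the new 1.6g-9 entry files the Vcs-Git/Vcs-Browser additions and the Standards-Version bump under "debian/copyright:", but the debdiff makes those changes in debian/control and does not touch debian/copyright at all. The bullet should read "* debian/control:" so the changelog matches what was actually changed.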
diff -Nru man2html-1.6g/debian/control man2html-1.6g/debian/control
--- man2html-1.6g/debian/control        2015-10-26 00:58:23.000000000 +0100
+++ man2html-1.6g/debian/control        2017-04-19 22:54:48.000000000 +0200
@@ -3,8 +3,10 @@
 Priority: optional
 Maintainer: Robert Luberda <rob...@debian.org>
 Build-Depends: debhelper (>= 9)
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Homepage: http://users.actrix.gen.nz/michael/vhman2html.html
+Vcs-Git: https://anonscm.debian.org/git/users/robert/man2html.git
+Vcs-Browser: https://anonscm.debian.org/cgit/users/robert/man2html.git
 
 Package: man2html-base
 Architecture: any
diff -Nru man2html-1.6g/debian/patches/036-fix-tbl-font-parsing.patch 
man2html-1.6g/debian/patches/036-fix-tbl-font-parsing.patch
--- man2html-1.6g/debian/patches/036-fix-tbl-font-parsing.patch 1970-01-01 
01:00:00.000000000 +0100
+++ man2html-1.6g/debian/patches/036-fix-tbl-font-parsing.patch 2017-04-19 
22:54:48.000000000 +0200
@@ -0,0 +1,42 @@
+From: Robert Luberda <rob...@debian.org>
+Date: Wed, 19 Apr 2017 22:12:46 +0200
+Subject: Fix tbl font parsing
+
+The printf.1posix man page contains tbl table that looks like this:
+.TS
+lf5 | lf5 | lf7.
+_
+9999999999@2147483647@printf: "9999999999" arithmetic overflow
+.TE
+
+While parsing the last 'f' from the header line man2html used to ignore
+all the characters until the next space. Unfortunately the included
+the '.' (dot) that ends the header. As a result man2html considered the
+table data lines as being part of the header and thus set the length
+of cells to 9999999999 and 2147483647 characters. Finally it tried to
+display such an unreasonable number of &nbsp; entities, what make it
+to appear to hang...
+
+To fix the issue make sure the trailing dot is not ignored while parsing
+'f' or 'F' specifiers of tbl header.
+
+Bugs-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/man2html/+bug/1666067
+---
+ man2html/man2html.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man2html/man2html.c b/man2html/man2html.c
+index 8c4db71..9da6d19 100644
+--- a/man2html/man2html.c
++++ b/man2html/man2html.c
+@@ -902,8 +902,8 @@ static char *scan_format(char *c, TABLEROW **result, int 
*maxcol)
+       case 'f': case 'F':
+           c++;
+           curfield->font = toupper(*c);
+-          c++;
+-          if (!isspace(*c)) c++;
++          if (*c != '.') c++;
++          if (*c != '.' && !isspace(*c)) c++;
+           break;
+       case 't': case 'T': curfield->valign='t'; c++; break;
+       case 'p': case 'P':
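Review bot: the two new guards in the 'f'/'F' case test only for '.', so a format line that ends directly after the 'f' still lets c step past the terminating NUL, and the enclosing loop's *c test then reads beyond the buffer. Suggest "if (*c && *c != '.') c++;" followed by "if (*c && *c != '.' && !isspace(*c)) c++;". While touching these lines, toupper(*c) and isspace(*c) receive a plain char; casting to unsigned char avoids undefined behaviour on bytes above 0x7f. The patch description also has a slip worth fixing before upload: "Unfortunately the included the '.'" should be "Unfortunately that included the '.'".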
diff -Nru man2html-1.6g/debian/patches/series 
man2html-1.6g/debian/patches/series
--- man2html-1.6g/debian/patches/series 2015-10-26 00:58:23.000000000 +0100
+++ man2html-1.6g/debian/patches/series 2017-04-19 22:54:48.000000000 +0200
@@ -29,3 +29,4 @@
 033-gcc-warnings.patch
 034-UTF8-charset.patch
 035-source-date-epoch.patch
+036-fix-tbl-font-parsing.patch
diff -Nru man2html-1.6g/debian/sources/man2html.cgi.c 
man2html-1.6g/debian/sources/man2html.cgi.c
--- man2html-1.6g/debian/sources/man2html.cgi.c 2015-10-26 00:58:23.000000000 
+0100
+++ man2html-1.6g/debian/sources/man2html.cgi.c 2017-04-19 22:54:48.000000000 
+0200
@@ -265,7 +265,7 @@
 
     if (!toplevel && errno != ENOENT)
     {
-        fprintf(stderr, "man2html: error openning %s: %m\n", TOPLEVELDOC);
+        fprintf(stderr, "man2html: error opening %s: %m\n", TOPLEVELDOC);
     }
 
     if (!toplevel)
unblock man2html/1.6g-9

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (200, 'unstable')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
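
The header-scanning failure described in the message above, reduced to a small C model (an added example, not man2html's code and not part of the original report). scan_header, its guarded flag and struct scan_result are hypothetical names; the width handling is a simplification, and the guarded branch also stops on NUL, which goes beyond the posted patch.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample: the table quoted in the patch description. */
static const char SAMPLE[] =
    "lf5 | lf5 | lf7.\n"
    "_\n"
    "9999999999@2147483647@printf: \"9999999999\" arithmetic overflow\n"
    ".TE\n";

/* stop: offset where the header loop ended; max_width: largest width read */
struct scan_result { size_t stop; long long max_width; };

/* Simplified model of a tbl header scanner (assumption, not scan_format).
 * guarded=0 keeps the unconditional increments; guarded=1 honours '.'/NUL. */
static struct scan_result scan_header(const char *in, int guarded)
{
    struct scan_result r = { 0, 0 };
    const char *c = in;
    while (*c && *c != '.') {
        if (*c == 'f' || *c == 'F') {
            c++;                        /* now on the font character */
            if (!guarded) {
                c++;                    /* may step over the final '.' */
                if (!isspace((unsigned char)*c)) c++;
            } else {
                if (*c && *c != '.') c++;
                if (*c && *c != '.' && !isspace((unsigned char)*c)) c++;
            }
        } else if (isdigit((unsigned char)*c)) {
            char *end;                  /* a bare number is a column width */
            long long w = strtoll(c, &end, 10);
            if (w > r.max_width) r.max_width = w;
            c = end;
        } else {
            c++;
        }
    }
    r.stop = (size_t)(c - in);
    return r;
}

int main(void)
{
    struct scan_result b = scan_header(SAMPLE, 0), a = scan_header(SAMPLE, 1);
    printf("unguarded: stop=%zu width=%lld\n", b.stop, b.max_width);
    printf("guarded:   stop=%zu width=%lld\n", a.stop, a.max_width);
    return 0;
}
```

The unguarded run ends on the '.' of ".TE" with a ten-digit width taken from the table body; the guarded run ends on the '.' that closes the format line.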
