Debian Bug report logs - #123130
man-db: mandb segfaults in rare circumstances

Package: man-db; Maintainer for man-db is Colin Watson <cjwatson@debian.org>; Source for man-db is src:man-db.

Reported by: Chris Metzler <cmetzler@speakeasy.net>

Date: Sun, 9 Dec 2001 21:33:03 UTC

Severity: important

Found in versions 2.3.20-12, 2.3.20-13, 2.3.20-15

Fixed in version man-db/2.3.20-15

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Chris Metzler <cmetzler@speakeasy.net>:
New Bug report received and forwarded. Copy sent to Colin Watson <cjwatson@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Chris Metzler <cmetzler@speakeasy.net>
To: submit@bugs.debian.org
Subject: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Sun, 09 Dec 2001 16:22:11 -0500
Package: man-db
Version: 2.3.20-12
Severity: important


Late Saturday morning, I updated my copy of man-db with the most
recent upgrade in testing. I'd been running the one in testing
before that; I've been installed for two months and have never
had any problem with man-db.  However, the very first time the
new copy of mandb got run, in an early morning cron job, it
segfaulted.  Entering the command by hand, without the output
redirects, shows:

# start-stop-daemon --start --pidfile /dev/null --startas /usr/lib/man-db/mandb --oknodo --chuid man -- --no-purge                       
Processing manual pages under /usr/man...
Checking for stray cats under /usr/man...
Checking for stray cats under /var/cache/man/fsstnd...
Processing manual pages under /usr/share/man...
Updating index cache for path `/usr/share/man'. Wait...Segmentation fault

It appears that a bug got introduced in the most recent man-db update
to woody?

Thanks for any help,

-c

-- System Information
Debian Release: 3.0
Kernel Version: Linux stax 2.2.19pre17 #1 Tue Mar 13 22:37:59 EST 2001 i686 unknown

Versions of the packages man-db depends on:
ii  bsdmainutils   5.20010615-2   More utilities from FreeBSD.
ii  debconf        1.0.21         Debian configuration management system
ii  dpkg           1.9.18         Package maintenance system for Debian
ii  groff-base     1.17.2-9       GNU troff text-formatting system (base syste
ii  libc6          2.2.4-5        GNU C Library: Shared libraries and Timezone
ii  libdb2         2.7.7.0-2      The Berkeley database routines (run-time fil
groff	Not installed or no info



Acknowledgement sent to Colin Watson <cjwatson@flatline.org.uk>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #8 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@flatline.org.uk>
To: Chris Metzler <cmetzler@speakeasy.net>, 123130-quiet@bugs.debian.org
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Sun, 9 Dec 2001 23:54:34 +0000
On Sun, Dec 09, 2001 at 04:22:11PM -0500, Chris Metzler wrote:
> Late Saturday morning, I updated my copy of man-db with the most
> recent upgrade in testing. I'd been running the one in testing
> before that; I've been installed for two months and have never
> had any problem with man-db.  However, the very first time the
> new copy of mandb got run, in an early morning cron job, it
> segfaulted.  Entering the command by hand, without the output
> redirects, shows:
> 
> # start-stop-daemon --start --pidfile /dev/null --startas /usr/lib/man-db/mandb --oknodo --chuid man -- --no-purge                       
> Processing manual pages under /usr/man...
> Checking for stray cats under /usr/man...
> Checking for stray cats under /var/cache/man/fsstnd...
> Processing manual pages under /usr/share/man...
> Updating index cache for path `/usr/share/man'. Wait...Segmentation fault
> 
> It appears that a bug got introduced in the most recent man-db update
> to woody?

The previous version in woody was 2.3.20-10 (which itself fixed a number
of segfault bugs, and was in woody from about 24 November), and there
have been no code changes to mandb since then. Do you happen to remember
what the previous version was?

Failing that, I need more information before I can do anything about
this. Please run '/usr/lib/man-db/mandb --debug --no-purge' as the 'man'
user and send the output to this bug report. I might also need you to
build a debugging version of mandb later.

I should say that I probably won't be able to fix this in woody, as the
base system freezes today.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Acknowledgement sent to Colin Watson <cjwatson@flatline.org.uk>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #11 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@flatline.org.uk>
To: Chris Metzler <cmetzler@speakeasy.net>
Cc: 123130-quiet@bugs.debian.org
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Mon, 10 Dec 2001 01:16:48 +0000
On Sun, Dec 09, 2001 at 07:52:57PM -0500, Chris Metzler wrote:
> "newshist - extract history line for news article(s) newsdaily - maintain news log files and report problems newswatch - keep an eye on news system for difficulties newsboot - clean up news debris on reboot locknews - lock news system addgroup, delgroup - add and delete newsgroups, locally only adddirs - make any missing directories for active newsgroups act.to.times - create active.times file for news readers histfrom, newsfrom - list news arriving over specific time range addmissing - add missing news articles to history file"
> base_name = `addmissing', id = C
> base_name = `histfrom, newsfrom', id = C
> pointer_name = `histfrom'
> comma = `newsfrom'
> base_name = `act.to.times', id = B
> ignoring identical multi key: act.to.times
> Segmentation fault

Aha, I can reproduce this exactly by installing cnews. I'd probably
better go to bed now, but I'll be able to do something about this
tomorrow or the next day.

Thanks for the help!

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Acknowledgement sent to Colin Watson <cjwatson@flatline.org.uk>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #14 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@flatline.org.uk>
To: Chris Metzler <cmetzler@speakeasy.net>
Cc: 123130-quiet@bugs.debian.org
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Sun, 6 Jan 2002 14:59:29 +0000
On Mon, Dec 10, 2001 at 01:16:48AM +0000, Colin Watson wrote:
> Aha, I can reproduce this exactly by installing cnews. I'd probably
> better go to bed now, but I'll be able to do something about this
> tomorrow or the next day.

Annoyingly, I can no longer reproduce this, even by removing cnews,
rebuilding the database from scratch, reinstalling cnews, and running
mandb.

Do you still see this segfault? If so, please try getting a gdb
backtrace: http://people.debian.org/~cjwatson/mandb.debug is a mandb
binary compiled with the necessary debugging symbols. As before, you'll
need to be logged in as the 'man' user.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Tags added: help Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `normal'. Request was from Colin Watson <cjwatson@flatline.org.uk> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Colin Watson <cjwatson@flatline.org.uk> to control@bugs.debian.org. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@flatline.org.uk>:
Extra info received and filed, but not forwarded. Full text and rfc822 format available.

Message #23 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@flatline.org.uk>
To: Chris Metzler <cmetzler@speakeasy.net>
Cc: 123130-quiet@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Tue, 8 Jan 2002 02:49:17 +0000
severity 123130 normal
retitle 123130 man-db: mandb segfaults in rare circumstances
thanks

On Mon, Jan 07, 2002 at 04:54:05PM -0500, Chris Metzler wrote:
> hi colin.  thanks for your email.
> > Annoyingly, I can no longer reproduce this, even by removing cnews,
> > rebuilding the database from scratch, reinstalling cnews, and running
> > mandb.
> > 
> > Do you still see this segfault? If so, please try getting a gdb
> > backtrace: http://people.debian.org/~cjwatson/mandb.debug is a mandb
> > binary compiled with the necessary debugging symbols. As before, you'll
> > need to be logged in as the 'man' user.
> 
> funny you should mention it . . .i was about to write you over this.
> a few days later, i turned this back on, and was surprised when i did
> not get the error message when all the (ana)cron jobs ran.  in fact,
> it's run several times since with no problems.

I wish I knew what was going on. I did reproduce it *once*, but only
once. My best guess is that other bits of the state of the database at
that time happened to trigger some bad memory management issues in
mandb, but, of course, without being able to reproduce it I won't be
able to track it down beyond that.

> i'm selfishly glad you ran into the segfault as well, so that you don't
> think i'm just a nut;

Have a look at bugs #115219 and #117009. No-one reporting segfaults in
this package will be called a nut by me. :)

> but i'm no longer able to reproduce it, so i don't know what to say/do
> at this point.  i feel weird closing the bug when nothing has been
> changed; but OTOH it seems to be working now.  i don't get it.
> 
> let me know what you'd like me to do . . .

Since it doesn't seem to happen except under rather exceptional
circumstances, I'm downgrading this bug to normal for now, and it
remains tagged 'help'. All that I can really ask is that you let me know
of any more segfaults you see, and ideally send me a copy of the
database (probably /var/cache/man/index.bt, but also possibly one of the
other index.bt files under /var/cache/man, depending on which hierarchy
it was processing when it segfaulted). I'll leave the debugging binary
at the location I gave for some time in case you need to make use of it.

There are some issues I know about with mandb's memory management, but
haven't yet had time to fix. In particular, there are several functions
that allocate structures on the stack and then return them, which is
probably asking for trouble. I'll fix those and see if my general
impression is that mandb becomes more stable for everyone, and if so I
imagine I'll eventually close this bug. There's no harm in it remaining
open for the time being.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@flatline.org.uk>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #28 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@flatline.org.uk>
To: debian-sparc@lists.debian.org
Cc: 123130-quiet@bugs.debian.org, cmetzler@speakeasy.net, 111288@bugs.debian.org
Subject: Re: Segmentation fault for man-db _2.3.20-12 on woody
Date: Wed, 23 Jan 2002 11:12:19 +0000
On Wed, Jan 23, 2002 at 08:57:23AM +0100, Christian J?nsson wrote:
> OK, I cc this to the persons reporting on that bug. And I add in my
> latest cron output.

I need, at a bare minimum, the output of 'mandb --debug --no-purge' when
run as the 'man' user. Ideally, I would get a gdb backtrace as well.

On SPARC, also see bug #111288 in libdb2. Post-woody I'll be moving to
libdb3, which may help matters.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Ben Collins <bcollins@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #33 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Ben Collins <bcollins@debian.org>
To: Colin Watson <cjwatson@flatline.org.uk>
Cc: debian-sparc@lists.debian.org, 123130-quiet@bugs.debian.org, cmetzler@speakeasy.net, 111288@bugs.debian.org
Subject: Re: Segmentation fault for man-db _2.3.20-12 on woody
Date: Wed, 23 Jan 2002 10:49:37 -0500
On Wed, Jan 23, 2002 at 11:12:19AM +0000, Colin Watson wrote:
> On Wed, Jan 23, 2002 at 08:57:23AM +0100, Christian J?nsson wrote:
> > OK, I cc this to the persons reporting on that bug. And I add in my
> > latest cron output.
> 
> I need, at a bare minimum, the output of 'mandb --debug --no-purge' when
> run as the 'man' user. Ideally, I would get a gdb backtrace as well.
> 
> On SPARC, also see bug #111288 in libdb2. Post-woody I'll be moving to
> libdb3, which may help matters.

Still looks like a mandb bug to me. Perhaps you aren't passing the right
flags to db_open.

-- 
 .----------=======-=-======-=========-----------=====------------=-=-----.
/                   Ben Collins    --    Debian GNU/Linux                  \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@flatline.org.uk>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #38 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@flatline.org.uk>
To: debian-sparc@lists.debian.org
Cc: 123130-quiet@bugs.debian.org, cmetzler@speakeasy.net, 111288@bugs.debian.org
Subject: Re: Segmentation fault for man-db _2.3.20-12 on woody
Date: Wed, 23 Jan 2002 15:55:02 +0000
On Wed, Jan 23, 2002 at 10:49:37AM -0500, Ben Collins wrote:
> On Wed, Jan 23, 2002 at 11:12:19AM +0000, Colin Watson wrote:
> > I need, at a bare minimum, the output of 'mandb --debug --no-purge' when
> > run as the 'man' user. Ideally, I would get a gdb backtrace as well.
> > 
> > On SPARC, also see bug #111288 in libdb2. Post-woody I'll be moving to
> > libdb3, which may help matters.
> 
> Still looks like a mandb bug to me. Perhaps you aren't passing the right
> flags to db_open.

All I do is dbopen(filename, O_RDWR, mode, DB_BTREE, &b) - or O_RDONLY
or whatever's appropriate - where b is a BTREEINFO structure as follows:

  flags      = R_DUP
  cachesize  = 0
  maxkeypage = 0
  minkeypage = 0
  psize      = 0
  compare    = NULL
  prefix     = NULL
  lorder     = 0

I haven't looked at this code much at all, as it seems fine on i386. If
those flags are a problem on sparc, please tell me and I'll do something
about it.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Ben Collins <bcollins@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #43 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Ben Collins <bcollins@debian.org>
To: Colin Watson <cjwatson@flatline.org.uk>
Cc: debian-sparc@lists.debian.org, 123130-quiet@bugs.debian.org, cmetzler@speakeasy.net, 111288@bugs.debian.org
Subject: Re: Segmentation fault for man-db _2.3.20-12 on woody
Date: Wed, 23 Jan 2002 11:34:15 -0500
On Wed, Jan 23, 2002 at 03:55:02PM +0000, Colin Watson wrote:
> On Wed, Jan 23, 2002 at 10:49:37AM -0500, Ben Collins wrote:
> > On Wed, Jan 23, 2002 at 11:12:19AM +0000, Colin Watson wrote:
> > > I need, at a bare minimum, the output of 'mandb --debug --no-purge' when
> > > run as the 'man' user. Ideally, I would get a gdb backtrace as well.
> > > 
> > > On SPARC, also see bug #111288 in libdb2. Post-woody I'll be moving to
> > > libdb3, which may help matters.
> > 
> > Still looks like a mandb bug to me. Perhaps you aren't passing the right
> > flags to db_open.
> 
> All I do is dbopen(filename, O_RDWR, mode, DB_BTREE, &b) - or O_RDONLY
> or whatever's appropriate - where b is a BTREEINFO structure as follows:

Well, to be honest, you have a better approach. Man-db uses only the
db185 routines. So instead of linking to -ldb2 and using backward compat
routines, do this:

#define BDB_H db1/db.h

LIBS=-ldb1

No reason to use an abstracted routine when libc6 includes libdb1
anyway.


Ben

-- 
 .----------=======-=-======-=========-----------=====------------=-=-----.
/                   Ben Collins    --    Debian GNU/Linux                  \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@flatline.org.uk>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #48 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@flatline.org.uk>
To: debian-sparc@lists.debian.org
Cc: 123130-quiet@bugs.debian.org
Subject: Re: Segmentation fault for man-db _2.3.20-12 on woody
Date: Wed, 23 Jan 2002 16:46:23 +0000
[cc's trimmed a bit]

On Wed, Jan 23, 2002 at 11:34:15AM -0500, Ben Collins wrote:
> On Wed, Jan 23, 2002 at 03:55:02PM +0000, Colin Watson wrote:
> > All I do is dbopen(filename, O_RDWR, mode, DB_BTREE, &b) - or O_RDONLY
> > or whatever's appropriate - where b is a BTREEINFO structure as follows:
> 
> Well, to be honest, you have a better approach. Man-db uses only the
> db185 routines. So instead of linking to -ldb2 and using backward compat
> routines, do this:
> 
> #define BDB_H db1/db.h
> 
> LIBS=-ldb1
> 
> No reason to use an abstracted routine when libc6 includes libdb1
> anyway.

Whee. Will that stay there for the foreseeable future? Are the on-disk
formats compatible, or do I need to nuke existing databases when
switching to this in woody+1 (which is OK, they're just caches, but user
databases need to be taken into consideration)?

There isn't much of use in the changelog about why Fabrizio chose to
link against libdb2 in the first place.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Ben Collins <bcollins@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #53 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Ben Collins <bcollins@debian.org>
To: Colin Watson <cjwatson@flatline.org.uk>
Cc: debian-sparc@lists.debian.org, 123130-quiet@bugs.debian.org
Subject: Re: Segmentation fault for man-db _2.3.20-12 on woody
Date: Wed, 23 Jan 2002 13:26:36 -0500
On Wed, Jan 23, 2002 at 04:46:23PM +0000, Colin Watson wrote:
> [cc's trimmed a bit]
> 
> On Wed, Jan 23, 2002 at 11:34:15AM -0500, Ben Collins wrote:
> > On Wed, Jan 23, 2002 at 03:55:02PM +0000, Colin Watson wrote:
> > > All I do is dbopen(filename, O_RDWR, mode, DB_BTREE, &b) - or O_RDONLY
> > > or whatever's appropriate - where b is a BTREEINFO structure as follows:
> > 
> > Well, to be honest, you have a better approach. Man-db uses only the
> > db185 routines. So instead of linking to -ldb2 and using backward compat
> > routines, do this:
> > 
> > #define BDB_H db1/db.h
> > 
> > LIBS=-ldb1
> > 
> > No reason to use an abstracted routine when libc6 includes libdb1
> > anyway.
> 
> Whee. Will that stay there for the foreseeable future? Are the on-disk
> formats compatible, or do I need to nuke existing databases when
> switching to this in woody+1 (which is OK, they're just caches, but user
> databases need to be taken into consideration)?

The on disk format should be the same. Will be easy to test for this
though :) The libdb1 should remain for at least woody, and most likely
post-woody too (maybe). Post-woody, you can always switch to db3 and
actually use the db3 interfaces.

> There isn't much of use in the changelog about why Fabrizio chose to
> link against libdb2 in the first place.

Might have been when the huge libc6-db-is-incompat-with-libdb2 thing
happened. Which was a long time ago.

-- 
 .----------=======-=-======-=========-----------=====------------=-=-----.
/                   Ben Collins    --    Debian GNU/Linux                  \
`  bcollins@debian.org  --  bcollins@openldap.org  --  bcollins@linux.com  '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@flatline.org.uk>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #58 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@flatline.org.uk>
To: Ben Collins <bcollins@debian.org>
Cc: 123130-quiet@bugs.debian.org
Subject: Re: Segmentation fault for man-db _2.3.20-12 on woody
Date: Wed, 23 Jan 2002 18:30:26 +0000
On Wed, Jan 23, 2002 at 01:26:36PM -0500, Ben Collins wrote:
> On Wed, Jan 23, 2002 at 04:46:23PM +0000, Colin Watson wrote:
> > Whee. Will that stay there for the foreseeable future? Are the on-disk
> > formats compatible, or do I need to nuke existing databases when
> > switching to this in woody+1 (which is OK, they're just caches, but user
> > databases need to be taken into consideration)?
> 
> The on disk format should be the same. Will be easy to test for this
> though :) The libdb1 should remain for at least woody, and most likely
> post-woody too (maybe). Post-woody, you can always switch to db3 and
> actually use the db3 interfaces.

Well, given the freeze I only care about post-woody-release. I'll
probably switch to libdb1 at that point until I can write a proper db3
layer.

Thanks for the help!

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Eirik Fuller <eirik@hackrat.com>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #63 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Eirik Fuller <eirik@hackrat.com>
To: <123130-quiet@bugs.debian.org>
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Sun, 27 Jan 2002 16:12:31 -0800 (PST)
This patch prevents a repeatable crash in mandb:


--- man_db-2.3.20/src/check_mandirs.c-	Thu Sep  6 16:43:12 2001
+++ man_db-2.3.20/src/check_mandirs.c	Sun Jan 27 15:34:54 2002
@@ -197,7 +197,6 @@
 				fprintf (stderr, "comma = `%s'\n", comma);
 			ret = dbstore (info, comma);
 			if (ret > 0) {
-				free (pointer_name);
 				return ret;
 			}
 		}
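
Review bot: dropping `free (pointer_name)` on the `ret > 0` return leaves the buffer allocated with nothing here saying who releases it. The last hunk of this patch frees info.pointer only just before the next splitline() call, so if the caller stops on a nonzero return the buffer is never released. Add a comment at this return stating that ownership now rests with info->pointer, and free it on the caller's error path.
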
@@ -206,7 +205,6 @@
 	/* If we've already dealt with it, ignore */
 		
 	if (strcmp (raw_whatis, pointer_name) == 0) {
-		free (pointer_name);
 		return 0;
 	}
 		
@@ -214,7 +212,6 @@
 		fprintf (stderr, "raw_w = `%s'\n", raw_whatis);
 	ret = dbstore (info, raw_whatis);
 	if (ret > 0) {
-		free (pointer_name);
 		return ret;
 	}
 
@@ -499,6 +496,8 @@
 		}
 
 		info.id = save_id;
+		if (info.pointer != base_name)
+			free(info.pointer);
 		info.pointer = NULL;
 		if (!opt_test)
 			if (splitline (lg.whatis, &info, base_name) == 1)
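
Review bot: the added `info.pointer != base_name` test is standing in for "is this pointer heap-owned", which holds only if base_name and splitline()'s buffer are the only values ever stored in info.pointer. Add a comment stating that invariant next to the check. The call is also written `free(info.pointer)`, while the surrounding lines put a space before the parenthesis (`splitline (lg.whatis, ...`).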


The crash is repeatable only if I keep a copy of /var/cache/man/index.bt
handy; "mandb -c" scares the crash away.  I've convinced myself that
splitline can free pointer_name after assigning it to info->pointer,
and that test_manfile can subsequently reuse info->pointer.  In the
crash scenario I investigated, the return value of xmalloc which
make_content assigns to cont.dptr matches the value of in->pointer,
which causes sprintf to overrun cont.dptr; the resulting corruption of
the malloc pool leads to a crash in chunk_alloc (from malloc.c).

I noticed that /var/cache/man/index.bt is different with that patch
than without it, when built by "mandb -c"; the output of "man -k dbm"
looks better when the index.bt rebuilt with the patch is installed.

I found two entries in /usr/share/doc/man-db/changlog.gz which seem
relevant, the entry dated "Sun Jul  1 01:58:33 BST 2001" and the entry
dated "Sat Jun 16 18:30:09 BST 2001".

I'd be happy to provide additional details about the circumstances
which led to this patch; I still have the index.bt file which triggers
the crash.
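
The ownership hazard described in this message, as an added example that is not part of the original report and is not man-db code: a callee publishes a buffer through `info->pointer`, frees it on return, and the caller's next allocation lands on the same storage. The tracked pool, `struct rec`, and the `splitline_dangling` / `splitline_owned` / `run_scenario` names are constructed for illustration; the key strings come from the debug output earlier in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Tracked pool standing in for malloc (constructed for this example), so a
   dangling handle can be detected instead of causing undefined behaviour. */
#define SLOTS   4
#define SLOT_SZ 32

struct handle { int slot; unsigned gen; };        /* slot -1 plays the role of NULL */
static const struct handle H_NULL = { -1, 0 };

static char     pool[SLOTS][SLOT_SZ];
static unsigned gen[SLOTS];
static int      live[SLOTS];

static struct handle h_alloc(const char *s)
{
    for (int i = 0; i < SLOTS; i++) {
        if (!live[i]) {                           /* lowest free slot is reused first */
            struct handle h = { i, ++gen[i] };
            live[i] = 1;
            strncpy(pool[i], s, SLOT_SZ - 1);
            pool[i][SLOT_SZ - 1] = '\0';
            return h;
        }
    }
    return H_NULL;
}

static int h_valid(struct handle h)
{
    return h.slot >= 0 && live[h.slot] && gen[h.slot] == h.gen;
}

static void h_free(struct handle h)
{
    if (h_valid(h))                               /* stale or NULL handles are ignored */
        live[h.slot] = 0;
}

struct rec { struct handle pointer; };            /* models only the pointer field */

/* Shape described in the message: the name is published through
   info->pointer and then freed on the way out. */
static int splitline_dangling(struct rec *info, const char *names)
{
    struct handle name = h_alloc(names);
    info->pointer = name;
    h_free(name);                                 /* info->pointer now dangles */
    return 0;
}

/* One consistent rule: free and clear before publishing, never free after. */
static int splitline_owned(struct rec *info, const char *names)
{
    struct handle name = h_alloc(names);
    if (strchr(names, ',') == NULL) {             /* single key: nothing to publish */
        info->pointer = H_NULL;
        h_free(name);
        return 0;
    }
    info->pointer = name;                         /* caller owns it from here on */
    return 0;
}

struct outcome { int aliased; int leaked; };

/* Caller side: run one splitline variant, then allocate a content buffer the
   way the next store would, and report whether info.pointer aliases it. */
static struct outcome run_scenario(int (*split)(struct rec *, const char *),
                                   const char *names)
{
    struct rec info;
    struct outcome out = { 0, 0 };

    memset(live, 0, sizeof live);
    info.pointer = H_NULL;
    split(&info, names);

    struct handle content = h_alloc("content buffer");
    out.aliased = info.pointer.slot == content.slot && !h_valid(info.pointer);

    h_free(info.pointer);                         /* caller releases what it owns */
    h_free(content);
    for (int i = 0; i < SLOTS; i++)
        out.leaked += live[i];
    return out;
}

int main(void)
{
    const char *multi = "histfrom, newsfrom";     /* key text taken from the debug output */
    printf("dangling: aliased=%d\n", run_scenario(splitline_dangling, multi).aliased);
    printf("owned:    aliased=%d\n", run_scenario(splitline_owned, multi).aliased);
    return 0;
}
```

With real `malloc` the aliased case is the one where a later write sized for the old string lands in the new buffer, which is the heap corruption the message traces to `chunk_alloc`.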



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Eirik Fuller <eirik@hackrat.com>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #68 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Eirik Fuller <eirik@hackrat.com>
To: <123130-quiet@bugs.debian.org>
Subject: bug 123130
Date: Mon, 28 Jan 2002 16:15:00 -0800 (PST)
I sent a bunch of stuff to bug 123120 by mistake (which also
misdirected some related replies there); the punchline is that this
seems like the right patch:

--- man_db-2.3.20/src/check_mandirs.c-	Thu Sep  6 16:43:12 2001
+++ man_db-2.3.20/src/check_mandirs.c	Mon Jan 28 09:38:33 2002
@@ -480,8 +480,10 @@
 					--end_othername;
 				*end_othername = '\0';
 			}
-			if (STREQ (base_name, othername))
+			if (STREQ (base_name, othername)) {
 				info.id = save_id;
+				info.pointer = NULL;
+			}
 			else {
 				info.id = WHATIS_MAN;
 				info.pointer = base_name;
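
Review bot: the new `info.pointer = NULL;` in the STREQ branch discards whatever an earlier iteration left in info.pointer without freeing it, and nothing in this hunk shows where that value is released. If it can still be a live allocation this leaks; if it has already been freed by splitline(), say so in a comment on this line so the reset is not later "fixed" into a double free.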



Severity set to `important'. Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags removed: help Request was from Colin Watson <cjwatson@flatline.org.uk> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #77 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Eirik Fuller <eirik@hackrat.com>
Cc: Chris Metzler <cmetzler@speakeasy.net>, 123130-quiet@bugs.debian.org
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Wed, 30 Jan 2002 01:51:23 +0000
On Mon, Jan 28, 2002 at 09:55:31AM -0800, Eirik Fuller wrote:
> This patch also prevents the crash:
[...]
> I ran an otherwise unpatched mandb with this patch under gdb, and
> confirmed that the second time through the loop, info.pointer was
> NULL before the call to splitline, and "-" afterward.

I'm glad you can reproduce this, as I haven't succeeded in doing so
since the time I installed cnews right after Chris Metzler's initial bug
report. I think it may depend on readdir() order or something equally
fragile.

> I think this (or something very similar) is the right patch.  I can't
> honestly say I believe that about either of my first two.  :-)

Unfortunately, when I investigated further I found that the code
actually does expect to be able to reuse info->pointer in some nasty
cases. (When I tried the patch we'd agreed seemed like the right
approach, several entries that should have stayed in the database
vanished.)

I've gone back to something rather similar to the first patch you sent,
but with a different - I think neater - condition on whether to free
info->pointer. As an added bonus, this fixes an entirely separate bug
whereby some B (symlink or .so link) entries in the database ended up
with spurious pointer fields.

I've put a package with this patch at
http://people.debian.org/~cjwatson/man-db/; it would be great if both of
you could test this.

Index: check_mandirs.c
===================================================================
RCS file: /cvsroot/man-db/man-db/src/check_mandirs.c,v
retrieving revision 1.19
diff -p -u -r1.19 check_mandirs.c
--- check_mandirs.c	2002/01/12 18:00:24	1.19
+++ check_mandirs.c	2002/01/30 01:17:24
@@ -163,6 +163,7 @@ int splitline (char *raw_whatis, struct 
 
 	ret = dbstore (info, pointer_name);
 	if (ret > 0) {
+		info->pointer = NULL;
 		free (pointer_name);
 		return ret;
 	}
@@ -171,6 +172,7 @@ int splitline (char *raw_whatis, struct 
 	   next file */
 
 	if (!raw_whatis || strchr (raw_whatis, ',') == NULL) {
+		info->pointer = NULL;
 		free (pointer_name);
 		return 0;
 	}
@@ -184,6 +186,7 @@ int splitline (char *raw_whatis, struct 
 
 	/* don't waste space storing the whatis in the db */
 	info->whatis = NULL;
+	/* This may be used in the next splitline() call. */
 	info->pointer = pointer_name; 
 	
 	while ((comma = strrchr (raw_whatis, ',')) != NULL) {
@@ -196,27 +199,21 @@ int splitline (char *raw_whatis, struct 
 			if (debug)
 				fprintf (stderr, "comma = `%s'\n", comma);
 			ret = dbstore (info, comma);
-			if (ret > 0) {
-				free (pointer_name);
+			if (ret > 0)
 				return ret;
-			}
 		}
 	}
 
 	/* If we've already dealt with it, ignore */
 		
-	if (strcmp (raw_whatis, pointer_name) == 0) {
-		free (pointer_name);
+	if (strcmp (raw_whatis, pointer_name) == 0)
 		return 0;
-	}
-		
+
 	if (debug)
 		fprintf (stderr, "raw_w = `%s'\n", raw_whatis);
 	ret = dbstore (info, raw_whatis);
-	if (ret > 0) {
-		free (pointer_name);
+	if (ret > 0)
 		return ret;
-	}
 
 	return 0;
 }
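
Review bot: after `info->pointer = pointer_name`, none of the return paths in this hunk free pointer_name any more, including the two `ret > 0` error returns, so every caller must now release info->pointer itself. The one-line comment at the assignment does not say that; put the rule in a comment at the top of splitline() (freed and cleared before the assignment, handed to the caller after it) and check that callers which stop on a nonzero return still free it.
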
@@ -484,6 +481,8 @@ void test_manfile (char *file, const cha
 				info.id = save_id;
 			else {
 				info.id = WHATIS_MAN;
+				if (info.pointer)
+					free (info.pointer);
 				info.pointer = base_name;
 			}
 			if (!opt_test) {
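
Review bot: the `info.id = save_id` arm just above the added lines still carries info.pointer over from the previous iteration while the else arm now frees it, and the asymmetry is not explained. Since the accompanying message says the code expects to reuse info->pointer in some cases, add a comment on the first arm saying the carry-over is deliberate. The `if (info.pointer)` guard is also unnecessary, because free() accepts NULL.
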
@@ -499,6 +498,8 @@ void test_manfile (char *file, const cha
 		}
 
 		info.id = save_id;
+		if (info.pointer)
+			free (info.pointer);
 		info.pointer = NULL;
 		if (!opt_test)
 			if (splitline (lg.whatis, &info, base_name) == 1)
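
Review bot: the added `free (info.pointer)` can be reached with info.pointer still equal to base_name. The previous hunk assigns `info.pointer = base_name`, and the code that follows that assignment is conditional on `!opt_test`, so with opt_test set nothing in the visible lines replaces the value before this free. Unless base_name is a heap block this function owns, keep a guard such as the `info.pointer != base_name` test from the earlier patch in this thread, or track ownership with a separate flag.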

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>, man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
Extra info received and forwarded to list. Copy sent to Colin Watson <cjwatson@debian.org>, man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #82 received at 123130@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: 123130@bugs.debian.org
Cc: cjwatson@debian.org, cmetzler@speakeasy.net
Subject: man-db: mandb segfaults in rare circumstances
Date: Thu, 31 Jan 2002 17:55:12 +1100
man-db_2.3.20-14_i386.deb fixes this for me on one of my machines.




Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Eirik Fuller <eirik@hackrat.com>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #87 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Eirik Fuller <eirik@hackrat.com>
To: Colin Watson <cjwatson@debian.org>
Cc: <123130-quiet@bugs.debian.org>
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Thu, 31 Jan 2002 05:18:19 -0800 (PST)
There's a problem with the patch:

(gdb) run
Starting program: /tmp/man_db-2.3.20/src/mandb -t

Program received signal SIGSEGV, Segmentation fault.
chunk_free (ar_ptr=0x4012be20, p=0x806123e) at malloc.c:3179
(gdb) bt
#0  chunk_free (ar_ptr=0x4012be20, p=0x806123e) at malloc.c:3179
#1  0x40084523 in __libc_free (mem=0x8061246) at malloc.c:3153
#2  0x0804d6ec in test_manfile (file=0x805ff28 "/usr/man/man8/syslogd.8.gz", 
    path=0x805e6a8 "/usr/man") at check_mandirs.c:502
#3  0x0804da5a in testmandirs (path=0x805e6a8 "/usr/man", last=0)
    at check_mandirs.c:557
#4  0x0804dd5d in create_db (manpath=0x805e6a8 "/usr/man")
    at check_mandirs.c:726
#5  0x08049b77 in mandb (catpath=0x805e650 "/var/cache/man/fsstnd", 
    manpath=0x805e6a8 "/usr/man") at mandb.c:333
#6  0x08049fff in main (argc=2, argv=0xbffffd74) at mandb.c:504
#7  0x4002f65f in __libc_start_main (main=0x8049c6c <main>, argc=2, 
    ubp_av=0xbffffd74, init=0x8049354 <_init>, fini=0x8052530 <_fini>, 
    rtld_fini=0x4000aa50 <_dl_fini>, stack_end=0xbffffd6c)
    at ../sysdeps/generic/libc-start.c:129
(gdb) 

I tried -t intentionally, after wondering whether this code

		if (info.pointer)
			free (info.pointer);

could trip over a pointer which wasn't the return value of malloc.

It might be sufficient to change that code to something like

		if (info.pointer && info.pointer != base_name)
			free (info.pointer);

Another possibility is to change the code which assigns base_name to
info.pointer to use xstrdup; that seems cleaner, but slightly less
efficient.  Using xstrdup would also require a change to splitline (it
would have to free info->pointer before changing it).

I'll work on a patch.
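
The xstrdup alternative described in the message above, as an added example that is not part of the original message or of man-db: the field always owns a private copy, so the free never needs a `!= base_name` guard. `struct record` is a hypothetical stand-in for `struct mandata`, and `dup_string`, `record_set_pointer`, `index_names` and the allocation counter are names invented here.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Counts blocks handed out by dup_string() and not yet released. */
static long live_blocks;

/* xstrdup-like helper written for this example: copy or abort. */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        abort();
    memcpy(copy, s, n);
    live_blocks++;
    return copy;
}

static void release(char *p)
{
    if (p != NULL) {
        live_blocks--;
        free(p);
    }
}

/* Hypothetical stand-in for struct mandata. */
struct record {
    char id;
    char *pointer; /* invariant: NULL, or a block from dup_string() */
};

/* The only writer of record.pointer. The copy is taken before the old
   value is released, so passing r->pointer itself as name is safe. */
static void record_set_pointer(struct record *r, const char *name)
{
    char *copy = name ? dup_string(name) : NULL;
    release(r->pointer);
    r->pointer = copy;
}

/* Constructed stand-in for the per-name loop: every name other than
   base_name is recorded as a pointer entry back to base_name.
   Returns the number of pointer entries. */
int index_names(const char *base_name, const char *const *names,
                size_t count, struct record *r)
{
    int stored = 0;
    for (size_t i = 0; i < count; i++) {
        if (strcmp(names[i], base_name) == 0) {
            record_set_pointer(r, NULL);      /* the page itself */
        } else {
            record_set_pointer(r, base_name); /* owned copy, never an alias */
            stored++;
        }
        /* a dbstore()-like call would consume *r here */
    }
    record_set_pointer(r, NULL); /* leave the record empty for the next file */
    return stored;
}

long outstanding_blocks(void)
{
    return live_blocks;
}

/* Constructed input: base_name lives on the stack and must never reach free(). */
int demo(void)
{
    char base_name[] = "syslogd";
    const char *const names[] = { "syslogd", "sysklogd", "klogd" };
    struct record r = { 'A', NULL };
    int stored = index_names(base_name, names, 3, &r);
    return strcmp(base_name, "syslogd") == 0 ? stored : -1;
}

/* Setting the field from its own current value must not read freed memory. */
int alias_case(void)
{
    struct record r = { 'A', NULL };
    int ok;
    record_set_pointer(&r, "mandb");
    record_set_pointer(&r, r.pointer);
    ok = r.pointer != NULL && strcmp(r.pointer, "mandb") == 0;
    record_set_pointer(&r, NULL);
    return ok && live_blocks == 0;
}

int main(void)
{
    return (demo() == 2 && alias_case() == 1 && outstanding_blocks() == 0) ? 0 : 1;
}
```

Building this with `-fsanitize=address` gives the same check at run time: an invalid or repeated free is reported at the call site instead of crashing later inside malloc.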



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Eirik Fuller <eirik@hackrat.com>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #92 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Eirik Fuller <eirik@hackrat.com>
To: Colin Watson <cjwatson@debian.org>
Cc: <123130-quiet@bugs.debian.org>
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Thu, 31 Jan 2002 06:13:48 -0800 (PST)
Here's a patch which doesn't seem to crash "mandb -t"; this patch is
against the original source files (not against the previous patch).


--- check_mandirs.c-	Thu Sep  6 16:43:12 2001
+++ check_mandirs.c	Thu Jan 31 05:47:52 2002
@@ -163,6 +163,9 @@
 
 	ret = dbstore (info, pointer_name);
 	if (ret > 0) {
+		if (info->pointer)
+			free(info->pointer);
+		info->pointer = NULL;
 		free (pointer_name);
 		return ret;
 	}
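Review bot: the added free(info->pointer) on this error path assumes that whatever the caller left in info->pointer came from malloc, and nothing in splitline() can check that. The same three lines recur in the next hunk and in test_manfile, so a small helper that frees and NULLs the field, together with a comment on struct mandata saying the field is always heap-owned, would keep the rule in one place. The if guard is also unnecessary, since free(NULL) is a no-op.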
@@ -171,6 +174,9 @@
 	   next file */
 
 	if (!raw_whatis || strchr (raw_whatis, ',') == NULL) {
+		if (info->pointer)
+			free(info->pointer);
+		info->pointer = NULL;
 		free (pointer_name);
 		return 0;
 	}
@@ -184,6 +190,9 @@
 
 	/* don't waste space storing the whatis in the db */
 	info->whatis = NULL;
+	/* This may be used in the next splitline() call. */
+	if (info->pointer)
+		free(info->pointer);
 	info->pointer = pointer_name; 
 	
 	while ((comma = strrchr (raw_whatis, ',')) != NULL) {
@@ -196,27 +205,21 @@
 			if (debug)
 				fprintf (stderr, "comma = `%s'\n", comma);
 			ret = dbstore (info, comma);
-			if (ret > 0) {
-				free (pointer_name);
+			if (ret > 0)
 				return ret;
-			}
 		}
 	}
 
 	/* If we've already dealt with it, ignore */
 		
-	if (strcmp (raw_whatis, pointer_name) == 0) {
-		free (pointer_name);
+	if (strcmp (raw_whatis, pointer_name) == 0)
 		return 0;
-	}
-		
+
 	if (debug)
 		fprintf (stderr, "raw_w = `%s'\n", raw_whatis);
 	ret = dbstore (info, raw_whatis);
-	if (ret > 0) {
-		free (pointer_name);
+	if (ret > 0)
 		return ret;
-	}
 
 	return 0;
 }
@@ -484,7 +487,9 @@
 				info.id = save_id;
 			else {
 				info.id = WHATIS_MAN;
-				info.pointer = base_name;
+				if (info.pointer)
+					free (info.pointer);
+				info.pointer = xstrdup(base_name);
 			}
 			if (!opt_test) {
 				char *dup_whatis = xstrdup (sep);
@@ -499,6 +504,8 @@
 		}
 
 		info.id = save_id;
+		if (info.pointer)
+			free (info.pointer);
 		info.pointer = NULL;
 		if (!opt_test)
 			if (splitline (lg.whatis, &info, base_name) == 1)
--- straycats.c-	Thu Sep  6 16:15:24 2001
+++ straycats.c	Thu Jan 31 05:28:54 2002
@@ -275,6 +275,8 @@
 
 					(void) splitline (lg.whatis, &info,
 							  basename (mandir));
+					if (info.pointer)
+						free(info.pointer);
 				}
 			}
 
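Review bot: info.pointer is freed here but not reset to NULL. If info is used for another splitline() call afterwards, the new if (info->pointer) free(info->pointer); in check_mandirs.c frees the same block a second time. Add info.pointer = NULL; after the free, as the check_mandirs.c hunks do.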


I'm not entirely happy with this patch; in particular, I'm not sure
that info.pointer will invariably be a pointer which can be passed to
free.  It might be necessary to convert any code which modifies
info.pointer (like make_content) to use a malloc return value.

The original code seems to be based on the notion that info.pointer
should only be allocated by the caller of splitline.  Perhaps there's
a way to restrict the allocation of info.pointer to test_manfile ...



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Eirik Fuller <eirik@hackrat.com>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #97 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Eirik Fuller <eirik@hackrat.com>
To: Colin Watson <cjwatson@debian.org>
Cc: <123130-quiet@bugs.debian.org>
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Thu, 31 Jan 2002 08:17:50 -0800 (PST)
Here's another patch (as before, against the original source) which
doesn't crash with "mandb -t".  I've done light testing on it, but I'm
sure more testing (and code review) would be good, particularly with
respect to the question of whether mandb generates a correct index.bt
with this patch.

This patch allocates the new info.pointer in test_manfile rather than
splitline, by allocating a copy of lg.whatis up front and allowing
splitline to modify it in place.

The aim of this patch is to eliminate the need to free info.pointer
explicitly; the value that needs to survive to a subsequent loop
iteration comes from a buffer which is allocated and deallocated
outside of the loop.


--- check_mandirs.c-	Thu Sep  6 16:43:12 2001
+++ check_mandirs.c	Thu Jan 31 08:07:50 2002
@@ -127,7 +127,6 @@
 
 int splitline (char *raw_whatis, struct mandata *info, char *base_name)
 {
-	char *pointer_name;
 	char *comma;
 	int ret;
 
@@ -152,28 +151,23 @@
 		fprintf (stderr, "base_name = `%s', id = %c\n",
 			 base_name, info->id);
 
-	pointer_name = xstrdup (base_name);
-	comma = strchr (pointer_name, ',');
+	comma = strchr (base_name, ',');
 	if (comma) {
 		*comma = '\0';
 		if (debug)
-			fprintf (stderr, "pointer_name = `%s'\n",
-				 pointer_name);
+			fprintf (stderr, "base_name = `%s'\n",
+				 base_name);
 	}
 
-	ret = dbstore (info, pointer_name);
-	if (ret > 0) {
-		free (pointer_name);
+	ret = dbstore (info, base_name);
+	if (ret > 0)
 		return ret;
-	}
 
 	/* if there are no indirect references, just go on to the 
 	   next file */
 
-	if (!raw_whatis || strchr (raw_whatis, ',') == NULL) {
-		free (pointer_name);
+	if (!raw_whatis || strchr (raw_whatis, ',') == NULL)
 		return 0;
-	}
 
 	/* If there are...  */
 		
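Review bot: *comma = '\0' now writes into the caller's base_name instead of a private copy, so splitline() truncates its third argument at the first comma as a side effect. Callers that read that string afterwards, or pass one they must not modify, are affected; document the in-place modification above splitline() and check each call site.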
@@ -184,7 +178,8 @@
 
 	/* don't waste space storing the whatis in the db */
 	info->whatis = NULL;
-	info->pointer = pointer_name; 
+	/* This may be used in the next splitline() call. */
+	info->pointer = base_name; 
 	
 	while ((comma = strrchr (raw_whatis, ',')) != NULL) {
 		*comma = '\0';
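Review bot: info->pointer = base_name stores the caller's buffer in info beyond the end of this call, so the added comment should also say who keeps that buffer alive. If the caller frees or reuses base_name before info is next read, info->pointer dangles.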
@@ -192,31 +187,25 @@
 
 		/* If we've already dealt with it, ignore */
 		
-		if (strcmp (comma, pointer_name) != 0) {
+		if (strcmp (comma, base_name) != 0) {
 			if (debug)
 				fprintf (stderr, "comma = `%s'\n", comma);
 			ret = dbstore (info, comma);
-			if (ret > 0) {
-				free (pointer_name);
+			if (ret > 0)
 				return ret;
-			}
 		}
 	}
 
 	/* If we've already dealt with it, ignore */
 		
-	if (strcmp (raw_whatis, pointer_name) == 0) {
-		free (pointer_name);
+	if (strcmp (raw_whatis, base_name) == 0)
 		return 0;
-	}
-		
+
 	if (debug)
 		fprintf (stderr, "raw_w = `%s'\n", raw_whatis);
 	ret = dbstore (info, raw_whatis);
-	if (ret > 0) {
-		free (pointer_name);
+	if (ret > 0)
 		return ret;
-	}
 
 	return 0;
 }
@@ -452,51 +441,50 @@
 	if (lg.whatis) {
 		int last_name;
 		char save_id;
+		char *othername = xstrdup(lg.whatis);
 
 		last_name = 0;
 		save_id = info.id;
 
 		/* It's easier to run through the names in reverse order. */
 		while (!last_name) {
-			char *sep, *othername, *end_othername;
+			char *sep, *dup_whatis, *end_othername;
 			/* Get the next name, with leading spaces and the
 			 * description removed.
 			 */
-			sep = strrchr (lg.whatis, 0x11);
+			sep = strrchr (othername, 0x11);
 			if (sep)
 				*(sep++) = '\0';
 			else {
-				sep = lg.whatis;
+				sep = othername;
 				last_name = 1;
 			}
 			if (!*sep)
 				/* Probably a double line break or something */
 				continue;
 			sep += strspn (sep, " ");
-			othername = xstrdup (sep);
-			end_othername = strstr (othername, " - ");
+			dup_whatis = xstrdup (sep);
+			end_othername = strstr (sep, " - ");
 			if (end_othername) {
 				while (*(end_othername - 1) == ' ')
 					--end_othername;
 				*end_othername = '\0';
 			}
-			if (STREQ (base_name, othername))
+			if (STREQ (base_name, sep))
 				info.id = save_id;
 			else {
 				info.id = WHATIS_MAN;
 				info.pointer = base_name;
 			}
 			if (!opt_test) {
-				char *dup_whatis = xstrdup (sep);
-				if (splitline (dup_whatis, &info,
-					       othername) == 1)
+				if (splitline (dup_whatis, &info, sep) == 1)
 					gripe_multi_extensions (path, info.sec,
 								base_name,
 								info.ext);
-				free (dup_whatis);
 			}
-			free (othername);
+			free (dup_whatis);
 		}
+		free (othername);
 
 		info.id = save_id;
 		info.pointer = NULL;
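Review bot: the loop now cuts up othername, a copy, so lg.whatis keeps its 0x11 separators and full text after the loop, where it was previously truncated in place; any code after this hunk that reads lg.whatis sees different contents and should be checked. Separately, sep points into othername and splitline() may store it in info->pointer, so free (othername) has to stay after the last use of info; here only info.pointer = NULL follows it, and any later call that still needs the string must move ahead of the free.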



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #102 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Eirik Fuller <eirik@hackrat.com>
Cc: 123130-quiet@bugs.debian.org
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Thu, 21 Feb 2002 02:05:32 +0000
On Thu, Jan 31, 2002 at 08:17:50AM -0800, Eirik Fuller wrote:
> Here's another patch (as before, against the original source) which
> doesn't crash with "mandb -t".  I've done light testing on it, but I'm
> sure more testing (and code review) would be good, particularly with
> respect to the question of whether mandb generates a correct index.bt
> with this patch.

The patch looks good, with the small exception that there's another call
to splitline() after the last code touched in your patch. I adjusted its
arguments (pointing the way somewhat to how the code should be rewritten
in the future) and made sure othername isn't freed until after that last
call, just in case. Having applied this, the output of mandb is
identical to what it was beforehand.

I've uploaded this to incoming, and the diff between -13 and -14 is at
http://people.debian.org/~cjwatson/man-db/13-14.diff if you'd like to
have a look.

Sorry I took so long to act on this. The whole thing required quite a
bit of careful thought, and I've been rather snowed under with QA work
recently.

Thanks again,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #107 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Russell Coker <russell@coker.com.au>, 123130-quiet@bugs.debian.org
Cc: cmetzler@speakeasy.net
Subject: Re: Bug#123130: man-db: mandb segfaults in rare circumstances
Date: Thu, 21 Feb 2002 02:08:13 +0000
On Thu, Jan 31, 2002 at 05:55:12PM +1100, Russell Coker wrote:
> man-db_2.3.20-14_i386.deb fixes this for me on one of my machines.

Thanks. Eirik and I worked on the patch somewhat more and I've finally
uploaded it to incoming (still versioned as -14 - I suppose I should
have given the one you tried a more experimental version number).
Feedback on that version is welcome, too.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Eirik Fuller <eirik@hackrat.com>:
Extra info received and filed, but not forwarded. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #112 received at 123130-quiet@bugs.debian.org (full text, mbox):

From: Eirik Fuller <eirik@hackrat.com>
To: Colin Watson <cjwatson@debian.org>
Cc: 123130-quiet@bugs.debian.org
Subject: Re: Bug#123130: man-db: New (2.3.20-12) version of man-db segfaults while updating index cache.
Date: Thu, 21 Feb 2002 00:37:07 -0800 (PST)
I installed man-db_2.3.20-14_i386.deb from incoming, with successful
results for all of the tests I tried, including mandb with the
index.bt which triggers a crash from man-db 2.3.20-13 (the crash did
not occur with 2.3.20-14), "mandb -t" (the crash did not occur), and
"mandb -c" (the output of "man -k dbm" looks entirely reasonable).

I looked at the latest patch; it seems reasonable.  As I understand
the last part, it compensates for a change in the earlier part of the
patch which puts a null terminator into a copy of lg.whatis; my patch
didn't pay enough attention to side effects from the change in
lg.whatis usage, but I think the latest patch gets that right.

Thanks,
Eirik



Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Chris Metzler <cmetzler@speakeasy.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #117 received at 123130-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 123130-close@bugs.debian.org
Subject: Bug#123130: fixed in man-db 2.3.20-15
Date: Thu, 21 Feb 2002 15:14:09 -0500
We believe that the bug you reported is fixed in the latest version of
man-db, which has been installed in the Debian FTP archive:

man-db_2.3.20-15.diff.gz
  to pool/main/m/man-db/man-db_2.3.20-15.diff.gz
man-db_2.3.20-15.dsc
  to pool/main/m/man-db/man-db_2.3.20-15.dsc
man-db_2.3.20-15_i386.deb
  to pool/main/m/man-db/man-db_2.3.20-15_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 123130@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated man-db package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 21 Feb 2002 09:20:04 +0000
Source: man-db
Binary: man-db
Architecture: source i386
Version: 2.3.20-15
Distribution: unstable
Urgency: medium
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 man-db     - The on-line manual pager
Closes: 123130 134926
Changes: 
 man-db (2.3.20-15) unstable; urgency=low
 .
   * The "mad-db" release.
   * Move section 2 in front of the extensions for scripting languages in
     section 3 by default, at the request of the Perl maintainer.
   * Install DVI and PostScript versions of the manual, for ease of printing
     (closes: #134926).
 .
 man-db (2.3.20-14) unstable; urgency=medium
 .
   * Fix segfault due to reusing a freed pointer in some cases of pages with
     multiple names. Thanks to Eirik Fuller for an excellent piece of
     analysis (closes: #123130).
Files: 
 ec04b454fb429f0ecf7a0be556b2fbc5 679 doc important man-db_2.3.20-15.dsc
 8ed9ab2e095d94cb9613a34720dccdfe 99927 doc important man-db_2.3.20-15.diff.gz
 19726f2186cca80e1d3dc5a1bda94056 469924 doc important man-db_2.3.20-15_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQE8dMCW9t0zAhD6TNERAqWkAJ92cf4mDitriEEd6s0DoUnKaRrHqACghXBr
tjwm31zVsns5XCN/siAIC+I=
=F7lA
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>, man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Glen Kaukola <glen@boron.cert.ucr.edu>:
Extra info received and forwarded to list. Copy sent to Colin Watson <cjwatson@debian.org>, man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #122 received at 123130@bugs.debian.org (full text, mbox):

From: Glen Kaukola <glen@boron.cert.ucr.edu>
To: Debian Bug Tracking System <123130@bugs.debian.org>
Subject: man-db: mandb seg faults when I run it
Date: Sun, 24 Feb 2002 22:32:09 -0800
Package: man-db
Version: 2.3.20-13

When I run mandb (or when it's run by cron) it segfaults.

-- System Information
Debian Release: 3.0
Architecture: sparc
Kernel: Linux boron 2.2.19 #1 Sat Jun 9 12:18:06 EDT 2001 sparc
Locale: LANG=C, LC_CTYPE=C

Versions of packages man-db depends on:
ii  bsdmainutils               5.20010615-3  More utilities from FreeBSD.
ii  debconf                    1.0.25        Debian configuration management sy
ii  dpkg                       1.9.19        Package maintenance system for Deb
ii  groff-base                 1.17.2-15     GNU troff text-formatting system (
ii  libc6                      2.2.5-3       GNU C Library: Shared libraries an
ii  libdb2                     2:2.7.7.0-3.1 The Berkeley database routines (ru




Information forwarded to debian-bugs-dist@lists.debian.org, man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #127 received at 123130@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Glen Kaukola <glen@boron.cert.ucr.edu>, 123130@bugs.debian.org
Subject: Re: Bug#123130: man-db: mandb seg faults when I run it
Date: Mon, 25 Feb 2002 10:47:06 +0000
On Sun, Feb 24, 2002 at 10:32:09PM -0800, Glen Kaukola wrote:
> Package: man-db
> Version: 2.3.20-13
> 
> When I run mandb (or when it's run by cron) it segfaults.

Please try man-db 2.3.20-15 from unstable, which should fix many
segfault bugs. If that still fails, please show me the output of
'/usr/lib/man-db/mandb --debug --no-purge' run as the 'man' user.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>, man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Kristjan Onu <konu@ottawa.com>:
Extra info received and forwarded to list. Copy sent to Colin Watson <cjwatson@debian.org>, man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #132 received at 123130@bugs.debian.org (full text, mbox):

From: Kristjan Onu <konu@ottawa.com>
To: Debian Bug Tracking System <123130@bugs.debian.org>
Subject: man-db: Segmentation faults with up-to-date woody installation
Date: Mon, 18 Mar 2002 11:27:43 -0600
Package: man-db
Version: 2.3.20-15

Hello,

I've browsed through the thread for this bug #, but my problem doesn't 
seem to be addressed in it. A few days ago, I updated a SparcStation 5
to woody. Now, every morning the following message is delivered to my
inbox:

/etc/cron.daily/man-db:
/etc/cron.daily/man-db: line 22:  6984 Segmentation fault      start-stop-daemon --start --pidfile /dev/null --startas /usr/lib/man-db/mandb --oknodo --chuid man -- --no-purge >/dev/null 2>/dev/null
run-parts: /etc/cron.daily/man-db exited with return code 139

I have a custom-compiled kernel, otherwise I believe everything on 
this machine is 'standard'.

Hope you can help,

Kristjan Onu

PS. I've attached the output of '/usr/lib/man-db/mandb --debug --no-purge'

-- System Information
Debian Release: 3.0
Architecture: sparc
Kernel: Linux dwang 2.2.20 #1 Sat Feb 16 12:54:45 CST 2002 sparc
Locale: LANG=C, LC_CTYPE=C

Versions of packages man-db depends on:
ii  bsdmainutils               5.20020211-3  More utilities from FreeBSD.
ii  debconf                    1.0.26        Debian configuration management sy
ii  dpkg                       1.9.19        Package maintenance system for Deb
ii  groff                      1.17.2-15     GNU troff text-formatting system
ii  groff-base                 1.17.2-15     GNU troff text-formatting system (
ii  libc6                      2.2.5-3       GNU C Library: Shared libraries an
ii  libdb2                     2:2.7.7.0-3.1 The Berkeley database routines (ru




Information forwarded to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>, man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Kristjan Onu <konu@ottawa.com>:
Extra info received and forwarded to list. Copy sent to Colin Watson <cjwatson@debian.org>, man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #137 received at 123130@bugs.debian.org (full text, mbox):

From: Kristjan Onu <konu@ottawa.com>
To: Debian Bug Tracking System <123130@bugs.debian.org>
Subject: man-db: Missing attachment in previous email
Date: Mon, 18 Mar 2002 11:35:28 -0600
Package: man-db
Version: 2.3.20-15

Oops. Looks like I didn't attach the output from mandb to my previous
message. Here it is:

sh-2.05a$ whoami
man
sh-2.05a$ /usr/lib/man-db/mandb --debug --no-purge
ruid=6, euid=6
++priv_drop_count = 1
From the config file /etc/manpath.config:

Mandatory mandir `/usr/man'.
Mandatory mandir `/usr/share/man'.
Mandatory mandir `/usr/X11R6/man'.
Mandatory mandir `/usr/local/man'.
Path `/bin' mapped to mandir `/usr/share/man'.
Path `/usr/bin' mapped to mandir `/usr/share/man'.
Path `/sbin' mapped to mandir `/usr/share/man'.
Path `/usr/sbin' mapped to mandir `/usr/share/man'.
Path `/usr/local/bin' mapped to mandir `/usr/local/man'.
Path `/usr/local/bin' mapped to mandir `/usr/local/share/man'.
Path `/usr/local/sbin' mapped to mandir `/usr/local/man'.
Path `/usr/local/sbin' mapped to mandir `/usr/local/share/man'.
Path `/usr/X11R6/bin' mapped to mandir `/usr/X11R6/man'.
Path `/usr/bin/X11' mapped to mandir `/usr/X11R6/man'.
Path `/usr/games' mapped to mandir `/usr/share/man'.
Path `/opt/bin' mapped to mandir `/opt/man'.
Path `/opt/sbin' mapped to mandir `/opt/man'.
Global mandir `/usr/man', catdir `/var/cache/man/fsstnd'.
--priv_drop_count = 0
creating catdir hierarchy /var/cache/man/fsstnd
++priv_drop_count = 1
Global mandir `/usr/share/man', catdir `/var/cache/man'.
--priv_drop_count = 0
creating catdir hierarchy /var/cache/man
++priv_drop_count = 1
Global mandir `/usr/local/man', catdir `/var/cache/man/oldlocal'.
--priv_drop_count = 0
creating catdir hierarchy /var/cache/man/oldlocal
++priv_drop_count = 1
Global mandir `/usr/local/share/man', catdir `/var/cache/man/local'.
--priv_drop_count = 0
creating catdir hierarchy /var/cache/man/local
++priv_drop_count = 1
Global mandir `/usr/X11R6/man', catdir `/var/cache/man/X11R6'.
--priv_drop_count = 0
creating catdir hierarchy /var/cache/man/X11R6
++priv_drop_count = 1
Global mandir `/opt/man', catdir `/var/cache/man/opt'.
--priv_drop_count = 0
creating catdir hierarchy /var/cache/man/opt
++priv_drop_count = 1
Added section `1'.
Added section `n'.
Added section `l'.
Added section `8'.
Added section `3'.
Added section `2'.
Added section `3pm'.
Added section `3perl'.
Added section `3tcl'.
Added section `3tk'.
Added section `5'.
Added section `4'.
Added section `9'.
Added section `6'.
Added section `7'.
`/usr/man'      `'      `1'
`/usr/share/man'        `'      `1'
`/usr/X11R6/man'        `'      `1'
`/usr/local/man'        `'      `1'
`/bin'  `/usr/share/man'        `0'
`/usr/bin'      `/usr/share/man'        `0'
`/sbin' `/usr/share/man'        `0'
`/usr/sbin'     `/usr/share/man'        `0'
`/usr/local/bin'        `/usr/local/man'        `0'
`/usr/local/bin'        `/usr/local/share/man'  `0'
`/usr/local/sbin'       `/usr/local/man'        `0'
`/usr/local/sbin'       `/usr/local/share/man'  `0'
`/usr/X11R6/bin'        `/usr/X11R6/man'        `0'
`/usr/bin/X11'  `/usr/X11R6/man'        `0'
`/usr/games'    `/usr/share/man'        `0'
`/opt/bin'      `/opt/man'      `0'
`/opt/sbin'     `/opt/man'      `0'
`/usr/man'      `/var/cache/man/fsstnd' `-1'
`/usr/share/man'        `/var/cache/man'        `-1'
`/usr/local/man'        `/var/cache/man/oldlocal'       `-1'
`/usr/local/share/man'  `/var/cache/man/local'  `-1'
`/usr/X11R6/man'        `/var/cache/man/X11R6'  `-1'
`/opt/man'      `/var/cache/man/opt'    `-1'
`1'     `'      `-4'
`n'     `'      `-4'
`l'     `'      `-4'
`8'     `'      `-4'
`3'     `'      `-4'
`2'     `'      `-4'
`3pm'   `'      `-4'
`3perl' `'      `-4'
`3tcl'  `'      `-4'
`3tk'   `'      `-4'
`5'     `'      `-4'
`4'     `'      `-4'
`9'     `'      `-4'
`6'     `'      `-4'
`7'     `'      `-4'

path directory /usr/local/bin is in the config file
adding /usr/local/man to manpath
mandb: warning: /usr/local/share/man: No such file or directory

path directory /usr/bin is in the config file
adding /usr/share/man to manpath

path directory /bin is in the config file
/usr/share/man is already in the manpath

path directory /usr/bin/X11 is in the config file
adding /usr/X11R6/man to manpath

path directory /usr/games is in the config file
/usr/share/man is already in the manpath

adding mandatory man directories

adding /usr/man to manpath
/usr/share/man is already in the manpath
/usr/X11R6/man is already in the manpath
/usr/local/man is already in the manpath
manpath=/usr/man:/usr/share/man:/usr/local/man:/usr/local/share/man:/usr/X11R6/man:/opt/man
adding /usr/man to manpathlist
adding /usr/share/man to manpathlist
adding /usr/local/man to manpathlist
mandb: warning: /usr/local/share/man: No such file or directory
adding /usr/X11R6/man to manpathlist
mandb: warning: /opt/man: No such file or directory
--priv_drop_count = 0
Processing manual pages under /usr/man...
fopen: No such file or directory
Segmentation fault
sh-2.05a$


-- System Information
Debian Release: 3.0
Architecture: sparc
Kernel: Linux dwang 2.2.20 #1 Sat Feb 16 12:54:45 CST 2002 sparc
Locale: LANG=C, LC_CTYPE=C

Versions of packages man-db depends on:
ii  bsdmainutils               5.20020211-3  More utilities from FreeBSD.
ii  debconf                    1.0.26        Debian configuration management sy
ii  dpkg                       1.9.19        Package maintenance system for Deb
ii  groff                      1.17.2-15     GNU troff text-formatting system
ii  groff-base                 1.17.2-15     GNU troff text-formatting system (
ii  libc6                      2.2.5-3       GNU C Library: Shared libraries an
ii  libdb2                     2:2.7.7.0-3.1 The Berkeley database routines (ru




Information forwarded to debian-bugs-dist@lists.debian.org, man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #142 received at 123130@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Kristjan Onu <konu@ottawa.com>, 123130@bugs.debian.org
Subject: Re: Bug#123130: man-db: Segmentation faults with up-to-date woody installation
Date: Mon, 18 Mar 2002 17:44:35 +0000
On Mon, Mar 18, 2002 at 11:27:43AM -0600, Kristjan Onu wrote:
> I've browsed through the thread for this bug #, but my problem doesn't 
> seem to be addressed in it. A few days ago, I updated a SparcStation 5
> to woody.

Since this is sparc, I'd suspect bug #111288.

> PS. I've attached the output of '/usr/lib/man-db/mandb --debug --no-purge'

Doesn't seem to have made it ...

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to debian-bugs-dist@lists.debian.org, man-db@packages.qa.debian.org:
Bug#123130; Package man-db. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to man-db@packages.qa.debian.org. Full text and rfc822 format available.

Message #147 received at 123130@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Kristjan Onu <konu@ottawa.com>, 123130@bugs.debian.org
Cc: 111288@bugs.debian.org
Subject: Re: Bug#123130: man-db: Missing attachment in previous email
Date: Mon, 18 Mar 2002 18:20:01 +0000
On Mon, Mar 18, 2002 at 11:35:28AM -0600, Kristjan Onu wrote:
> Oops. Looks like I didn't attach the output from mandb to my previous
> message. Here it is:
[...]
> --priv_drop_count = 0
> Processing manual pages under /usr/man...
> fopen: No such file or directory
> Segmentation fault

Yes, this is characteristic of bug #111288. The only suggestion anyone's
given me so far is to revert to linking against libc6's db routines, but
I'm extremely loath to try to get that into woody. If there's a solution
which I can use while staying with libdb2, I'd love to hear about it.

Meanwhile, man will work, but apropos and whatis will not.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 11:03:29 2014; Machine Name: buxtehude.debian.org
