Debian Bug report logs - #28024
man2html: allocates all available memory when reading terminfo(5)

version graph

Package: man2html; Maintainer for man2html is Robert Luberda <robert@debian.org>; Source for man2html is src:man2html.

Reported by: t1k <t1k@freemail.c3.hu>

Date: Thu, 15 Oct 1998 21:33:05 UTC

Severity: important

Found in version 1.5-18

Fixed in version man2html/1.5-22

Done: Nicolás Lichtmaier <nick@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Nicol�s Lichtmaier <nick@feedback.net.ar>:
Bug#28024; Package man2html. Full text and rfc822 format available.

Acknowledgement sent to t1k <t1k@freemail.c3.hu>:
New bug report received and forwarded. Copy sent to Nicol�s Lichtmaier <nick@feedback.net.ar>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: t1k <t1k@freemail.c3.hu>
To: submit@bugs.debian.org
Subject: man2html: allocates all available memory when reading terminfo(5)
Date: Thu, 15 Oct 1998 23:29:53 +0200
Package: man2html
Version: 1.5-18

First I thought it was some netscape thing, but the result is the same from
command line:

----------
$ /usr/lib/cgi-bin/man2html /usr/man/man5/terminfo.5.gz

...

On some color terminals, colors collide with highlights.  You can register
these collisions with the <B>ncv</B> capability.  This is a bit-mask of
attributes not to be used when colors are enabled.  The correspondence with the
attributes understood by <B>curses</B> is as follows:
<P>

( at this point it starts paging out like crazy until all of my 128M swap is saturated)

man2html: out of memory
-------------

'man 5 terminfo' works ok. 


-- System Information
Debian Release: slink
Kernel Version: Linux mrdata 2.0.35 #1 Fri Oct 9 01:25:56 CEST 1998 i586 unknown

Versions of the packages man2html depends on:
ii  libc6           2.0.7u-2       The GNU C library version 2 (run-time files)
ii  apache          1.3.2-3        Versatile, high-performance HTTP server
	^^^ (Provides virtual package httpd)


Information forwarded to debian-bugs-dist@lists.debian.org, Nicol�s Lichtmaier <nick@debian.org>:
Bug#28024; Package man2html. Full text and rfc822 format available.

Acknowledgement sent to Stephan Kulow <coolo@kde.org>:
Extra info received and forwarded to list. Copy sent to Nicol�s Lichtmaier <nick@debian.org>. Full text and rfc822 format available.

Message #10 received at 28024@bugs.debian.org (full text, mbox):

From: Stephan Kulow <coolo@kde.org>
To: 28024@bugs.debian.org
Subject: fetchmail too
Date: Sat, 21 Oct 2000 17:05:17 +0200
Hi!

The man page of fetchmail triggers the same bug
and for me this this is a quite critical bug as
it took down my system after the memory was 
full (X doesn't work very well without memory
and so you have to press the reset button). Not
very nice while browsing man pages.

I investigated a bit and the endless look stops
if you change line 1367 of man2html.c from
while (!finished) to while (!finished && *c)

Greetings, Stephan

-- 
... but you ain't had mine



Information forwarded to debian-bugs-dist@lists.debian.org, Nicol�s Lichtmaier <nick@debian.org>:
Bug#28024; Package man2html. Full text and rfc822 format available.

Acknowledgement sent to Stephan Kulow <coolo@kde.org>:
Extra info received and forwarded to list. Copy sent to Nicol�s Lichtmaier <nick@debian.org>. Full text and rfc822 format available.

Message #15 received at 28024@bugs.debian.org (full text, mbox):

From: Stephan Kulow <coolo@kde.org>
To: 28024@bugs.debian.org
Subject: security problem?
Date: Sat, 21 Oct 2000 17:24:44 +0200
Hi!

I just figured that the man2html is available to the
outside, so everyone from outside can fill your memory
quite easily, no? I mean, if I can make my system unusable
using man2html, everyone can, no?

Greetings, Stephan

-- 
... but you ain't had mine



Information forwarded to debian-bugs-dist@lists.debian.org, Nicol�s Lichtmaier <nick@debian.org>:
Bug#28024; Package man2html. Full text and rfc822 format available.

Acknowledgement sent to Josip Rodin <joy@cibalia.gkvk.hr>:
Extra info received and forwarded to list. Copy sent to Nicol�s Lichtmaier <nick@debian.org>. Full text and rfc822 format available.

Message #20 received at 28024@bugs.debian.org (full text, mbox):

From: Josip Rodin <joy@cibalia.gkvk.hr>
To: Stephan Kulow <coolo@kde.org>, 28024@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#28024: fetchmail too
Date: Sat, 21 Oct 2000 17:50:32 +0200
severity 28024 important
thanks

On Sat, Oct 21, 2000 at 05:05:17PM +0200, Stephan Kulow wrote:
> The man page of fetchmail triggers the same bug and for me this this is a
> quite critical bug as it took down my system after the memory was full (X
> doesn't work very well without memory and so you have to press the reset
> button). Not very nice while browsing man pages.

Awful! This bug needs to be fixed before the release...

-- 
Digital Electronic Being Intended for Assassination and Nullification



Severity set to `important'. Request was from Josip Rodin <joy@cibalia.gkvk.hr> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Nicol�s Lichtmaier <nick@debian.org>:
Bug#28024; Package man2html. Full text and rfc822 format available.

Acknowledgement sent to Nicolás Lichtmaier <nick@debian.org>:
Extra info received and forwarded to list. Copy sent to Nicol�s Lichtmaier <nick@debian.org>. Full text and rfc822 format available.

Message #27 received at 28024@bugs.debian.org (full text, mbox):

From: Nicolás Lichtmaier <nick@debian.org>
To: Josip Rodin <joy@cibalia.gkvk.hr>, 28024@bugs.debian.org
Cc: Stephan Kulow <coolo@kde.org>
Subject: Re: Bug#28024: fetchmail too
Date: Sat, 21 Oct 2000 14:19:04 -0300
> > The man page of fetchmail triggers the same bug and for me this this is a
> > quite critical bug as it took down my system after the memory was full (X
> > doesn't work very well without memory and so you have to press the reset
> > button). Not very nice while browsing man pages.
> 
> Awful! This bug needs to be fixed before the release...

 It will...



Information forwarded to debian-bugs-dist@lists.debian.org, Nicol�s Lichtmaier <nick@debian.org>:
Bug#28024; Package man2html. Full text and rfc822 format available.

Acknowledgement sent to Stephan Kulow <coolo@kde.org>:
Extra info received and forwarded to list. Copy sent to Nicol�s Lichtmaier <nick@debian.org>. Full text and rfc822 format available.

Message #32 received at 28024@bugs.debian.org (full text, mbox):

From: Stephan Kulow <coolo@kde.org>
To: Nicolás Lichtmaier <nick@debian.org>
Cc: Josip Rodin <joy@cibalia.gkvk.hr>, 28024@bugs.debian.org
Subject: Re: Bug#28024: fetchmail too
Date: Sat, 21 Oct 2000 20:54:32 +0200
Nicolás Lichtmaier wrote:
> 
> > > The man page of fetchmail triggers the same bug and for me this this is a
> > > quite critical bug as it took down my system after the memory was full (X
> > > doesn't work very well without memory and so you have to press the reset
> > > button). Not very nice while browsing man pages.
> >
> > Awful! This bug needs to be fixed before the release...
> 
>  It will...
Hi!

I looked deeper into the problem and the problem is the
format line "lw25 lw6 lw2 lw20." (or "... lw34." for fetchmail).
scan_format calls scan_expression on 'w' to get the width.
But scan_expression takes "20." as number and returns with
the input focus behind the '.'. This breaks scan_format as
it looks for the '.' followed by a newline to end the format
scanning. I hacked it by changing scan_expression not to
accept numbers that end with a . - don't know what this breaks
though. The "&& *c" change I would leave in anyway though :)

BTW: there are some massive problems with tables in there,
I solved for my hacked up version with a rewrite of the list
handling in C++. That there is a problem, you can see when
looking at man2html.c:1501 "while (ti2 && curfield->align=='S');"
and then consider that curfield is part of the just deleted
last row (I guess it should be ti2 here).

Greetings, Stephan

-- 
... but you ain't had mine



Reply sent to Nicol�s Lichtmaier <nick@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to t1k <t1k@freemail.c3.hu>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #37 received at 28024-close@bugs.debian.org (full text, mbox):

From: Nicolás Lichtmaier <nick@debian.org>
To: 28024-close@bugs.debian.org
Subject: Bug#28024: fixed in man2html 1.5-22
Date: Mon, 04 Dec 2000 14:54:01 -0500
We believe that the bug you reported is fixed in the latest version of
man2html, which has been installed in the Debian FTP archive:
man2html_1.5-22_i386.deb
  to dists/woody/main/binary-i386/doc/man2html_1.5-22.deb
  replacing man2html_1.5-21.deb
man2html_1.5-22.diff.gz
  to dists/woody/main/source/doc/man2html_1.5-22.diff.gz
  replacing man2html_1.5-21.diff.gz
man2html_1.5-22.dsc
  to dists/woody/main/source/doc/man2html_1.5-22.dsc
  replacing man2html_1.5-21.dsc

Note that this package is not part of the released stable Debian
distribution.  It may have dependencies on other unreleased software,
or other instabilities.  Please take care if you wish to install it.
The update will eventually make its way into the next released Debian
distribution.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 28024@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolás Lichtmaier <nick@debian.org> (supplier of updated man2html package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.7
Date: Sun,  3 Dec 2000 23:20:29 -0300
Source: man2html
Binary: man2html
Architecture: source i386
Version: 1.5-22
Distribution: unstable
Urgency: medium
Maintainer: Nicolás Lichtmaier <nick@debian.org>
Changed-By: Nicolás Lichtmaier <nick@debian.org>
Description: 
 man2html   - Turns a web-browser and an httpd-server into a man pager.
Closes: 28024 78195
Changes: 
 man2html (1.5-22) unstable; urgency=medium
 .
   * Was taking all available memory with an endless loop, fixed
     with indication from Stephan Kulow <coolo@kde.org>
     (closes:Bug#28024,Bug#78195).
   * Downgraded dependency on httpd to a recommendation. This program may
     also be used as a standalone HTML converter. In the future, a link
     to /usr/bin and modifications for handling the non-CGI case should
     be made.
   * Marked /etc/cron.weekly/man2html as a conffile.
Files: 
 91866f15100a93eca6bdeea75cea688c 678 doc optional man2html_1.5-22.dsc
 b09025003c06fec3acac903333d4cb43 22396 doc optional man2html_1.5-22.diff.gz
 26284e7f5d74411c6ce5cef32c4ff17e 54632 doc optional man2html_1.5-22_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBOisA4csW/Uuk2wLtAQFPPAQAsq1npvjcRUJOMvEyYKzN4NvW0DmVtFCb
CmMTOoK26fZ846apjDT8yT7ZcOQvh7pkXRzngVVMjqctyg4yTkkrCpIVRisecSKs
y3HVALUXaF2q21kiUD/tPuuyp8yA6RGyk7h59kO6p9RM5thnDJ0h954P2GVSm3cS
mXyj9eoM0A4=
=l347
-----END PGP SIGNATURE-----




Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 04:39:33 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.