Bug 989262

Summary: segmentation fault with -M option
Product: [Fedora] Fedora Reporter: Jan Včelák <jv+fedora>
Component: man-dbAssignee: Peter Schiffer <pschiffe>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: cjwatson, pschiffe
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-24 14:36:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
proposed patch none

Description Jan Včelák 2013-07-28 21:34:54 UTC 
Description of problem:

'man' command crashes when run with -M command line option


Version-Release number of selected component (if applicable):
man-db-2.6.3-6.fc19.x86_64


How reproducible:
always


Steps to Reproduce:
1. man -M foo bar
2.
3.

Actual results:
*** Error in `man': free(): invalid pointer: 0x00007fff7f840aba ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7d0e8)[0x7fe9151250e8]
man[0x4052b8]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fe9150c9b75]
man[0x405625]
======= Memory map: ========
...


Expected results:
No manual entry for bar.


Additional info:

(gdb) bt
#0  0x00007ffff7216a19 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff7218128 in __GI_abort () at abort.c:90
#2  0x00007ffff7256d47 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff735eb88 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:196
#3  0x00007ffff725cc17 in malloc_printerr (action=<optimized out>, str=0x7ffff735ebb0 "munmap_chunk(): invalid pointer", ptr=<optimized out>) at malloc.c:4916
#4  0x00000000004052b8 in main (argc=4, argv=0x7fffffffd6b8) at man.c:1367


The program tries to free 'manp' variable, which contains value assigned from argv and therefore allocated by caller (shell), man.c line 429.
Comment 1 Jan Včelák 2013-07-28 21:36:31 UTC 
Created attachment 779450 [details]
proposed patch

Add strdup to assignment of manp variable.
Comment 2 Colin Watson 2013-07-29 10:27:35 UTC 
Thanks for the effort, but nack on this patch.  The free in question was an incorrect change in a Fedora patch; it was dropped in 2.6.4-1.  Dropping it for 2.6.3-7 as well is probably the right answer if you need to stay with 2.6.3.
Comment 3 Jan Včelák 2013-07-29 11:51:38 UTC 
Right Colin, that's probably a better solution.
Comment 4 Peter Schiffer 2013-09-24 14:36:32 UTC 

*** This bug has been marked as a duplicate of bug 986085 ***