[Bug 289420] mandoc core dump due to tag_put assertion

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 10 Sep 2025 14:15:09 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289420

--- Comment #4 from Ingo Schwarze <schwarze@usta.de> ---
(In reply to Jessica Clarke from comment #3)

Hello Jessica,

the commit you are quoting as "176a26ab0dba12d8c053376f32e5accba9e9166a" (no
idea where you got that commit ID from; it doesn't appear to exist in FreeBSD
git, and neither mandoc nor OpenBSD uses git at all) is *not* the relevant one.
That commit 176a26ab is bsd.lv mdoc_validate.c rev. 1.391, which fixes a
different bug.

The relevant bugfix is instead bsd.lv tag.c rev. 1.37.  Then again, that one
was also imported into FreeBSD as part of the commit "20de55b07cf9" you
mention, so it is indeed contained in
"c1c95add8c80843ba15d784f95c361d795b1f593".  It is also part of
"dd276946d56197947c47fa7a37255859aea6e942" in the stable/14 branch.

Regarding the importance of the particular bug this ticket is about:  The bug
is described precisely in the bsd.lv tag.c revision 1.37 commit message that
the OP quoted in the original submission.  Few manual pages use explicit
tagging, and even fewer tag nodes manually that would otherwise be tagged
automatically with a different tag name.  I estimate the number of manual pages
in existence that trigger this bug as on the order of three to twenty pages
grand total (compare that to the probably ten thousand to twenty thousand
mdoc(7) manual pages in existence), so the frequency of the bug biting is
probably at or around the permille level, so "Affects Many People" may be an
overstatement.  Then again, got(1) is not an unimportant program.

Regarding the risk of fixing this particular bug: As the upstream maintainer, I
judge the risk of merging https://cvsweb.bsd.lv/mandoc/tag.c#rev1.37 as
extremely low.  It has been used in production in OpenBSD for several years,
and I see no risk of this patch interacting adversely with any other part of
the mandoc code outside tag.c.

To summarize, this bug triggers very rarely, but for at least one important
real-world manual page, and the fix is extremely low risk.  Whether that means
you want to fix it in releng/14.3 requires your judgement; I'm sorry I cannot
help with that decision.

Also consider that this bug is not the only mandoc-1.14.6 bug (of comparable
importance) that was fixed by c1c95add and merged to stable/14, but not merged
to releng/14.3.

Yours,
  Ingo
