New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doxygen segfaults if msg() is passed a null second arg. (Origin: bugzilla #662044) #4437

doxygen opened this Issue Jul 2, 2018 · 0 comments


None yet
1 participant

doxygen commented Jul 2, 2018

status RESOLVED severity normal in component general for ---
Reported in version on platform Other
Assigned to: Dimitri van Heesch

Original attachment names and IDs:

On 2011-10-17 21:29:20 +0000, Tim Mooney wrote:

Created attachment 199282
make certain fileVersion is valid before calling msg with

I built doxygen on x86_64-sun-solaris2.10, because an earlier version (1.4.6) was segfaulting when trying to build the documentation that's part of ruby. also segfaults, and it looks like the issue is the same. It's possible for message.cpp:msg() to be passed NULL for the varargs bit, and when it is, it just passes it on to vfprintf, which causes a segfault. Here's an example from the ruby doc build:

gmake[1]: Leaving directory `/local/src/RPM/BUILD/ruby-1.9.2-p290'
Generating RDoc documentation
./miniruby -I./lib -I.ext/common -I./- -r./ext/purelib.rb ./tool/runruby.rb --extout=.ext -- "./bin/rdoc" --no-force-update --all --ri --op ".ext/rdoc" "."

No newer files.
Searching for include files...
Searching for example files...
Searching for images...
Searching for files in directory /local/src/RPM/BUILD/ruby-1.9.2-p290/doc/images
gmake: *** [doc/capi/.timestamp] Segmentation Fault (core dumped)

$dbx /local/bin/doxygen core
For information about new features see help changes' To remove this message, put dbxenv suppress_startup_message 7.8' in your .dbxrc
Reading doxygen
core file header read successfully
t@1 (l@1) program terminated by signal SEGV (no mapping at the fault address)
0x00007fffffaf4be0: strlen+0x0040: movq (%rsi),%rax
Current function is msg
111 vfprintf(stdout, fmt, args);
(dbx) where
current thread: t@1
[1] strlen(0x0, 0x0, 0xfffffd7fffdfd8b8, 0x73, 0x0, 0xfffffd7fffdfd990), at 0x7fffffaf4be0
[2] _ndoprnt(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x7fffffb506fa
[3] vfprintf(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0x7fffffb51a61
=>[4] msg(fmt = 0xcb9b84 "%s\n", ...), line 111 in "message.cpp"
[5] FileDef::acquireFileVersion(this = 0x1737c60), line 1519 in "filedef.cpp"
[6] FileDef::FileDef(this = 0x1737c60, p = 0x173a220 "/local/src/RPM/BUILD/ruby-1.9.2-p290/doc/images/", nm = 0x1730cf0 "boottime-classes.png", lref = (nil), dn = (nil)), line 100 in "filedef.cpp"
[7] readDir(fi = 0xfffffd7fffdfe550, fnList = (nil), fnDict = 0x144af70, exclDict = (nil), patList = (nil), exclPatList = (nil), resultList = (nil), resultDict = (nil), errorIfNotExist = true, recursive = true, killDict = (nil)), line 9067 in "doxygen.cpp"
[8] readFileOrDirectory(s = 0x1483f30 "./doc/images", fnList = (nil), fnDict = 0x144af70, exclDict = (nil), patList = (nil), exclPatList = (nil), resultList = (nil), resultDict = (nil), recursive = true, errorIfNotExist = true, killDict = (nil)), line 9186 in "doxygen.cpp"
[9] searchInputFiles(inputFiles = CLASS), line 10077 in "doxygen.cpp"
[10] parseInput(), line 10321 in "doxygen.cpp"
[11] main(argc = 1, argv = 0xfffffd7fffdfedf8), line 37 in "main.cpp"

Fixing msg() so that it handles NULL anywhere in the argument list is tricky, so in this case it might be easier to fix filedef to be more careful to not pass NULL to it.

The section of acquireFileVersion in question is:

if (numRead > 0)
  fileVersion = QCString(buf,numRead).stripWhiteSpace();
  msg("no version available\n");

I've seen other spots in the code check fileVersion.isEmpty(), so as a guess I inserted that check before the call to msg, and it at least allows doxygen to proceed through the ruby documentation without segfaulting.

Patch is attached.

On 2011-10-26 20:15:22 +0000, Dimitri van Heesch wrote:

Thanks, I'll include the patch in the next subversion update.

On 2011-11-08 19:01:01 +0000, Dimitri van Heesch wrote:

*** Bug 663642 has been marked as a duplicate of this bug. ***

On 2011-12-03 18:22:55 +0000, Dimitri van Heesch wrote:

This bug was previously marked ASSIGNED, which means it should be fixed in
doxygen version 1.7.6. Please verify if this is indeed the case. Reopen the
bug if you think it is not fixed and please include any additional information
that you think can be relevant.

@doxygen doxygen closed this Jul 2, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment