Subject: man2html: crashes when .SH contains "%n%n%n%n" Package: man2html Version: 1.5n-2 Severity: important Tags: patch
Hello, man2html crashes because of a bad printf() call. If someone installs a man page that contains a .SH that ends with "%n%n%n%n" or something similar, man2html will crash when viewing it. There is a printf() call that uses the .SH data as the format string instead of using "%s" as the format string and that data as a parameter. I have attached a patch as well as a man page that exhibits this problem. // Ulf Harnhammar -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages man2html depends on: ii debconf [debconf-2.0] 1.4.30.11 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii gawk 1:3.1.4-2 GNU awk, a pattern scanning and pr ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii man-db 2.4.2-19 The on-line manual pager -- debconf information: man2html/index_manpages: true
--- man2html.c.old 2005-01-21 23:33:11.000000000 +0100
+++ man2html.c 2005-01-21 23:38:26.000000000 +0100
@@ -3228,7 +3228,7 @@ main(int argc, char **argv) {
/* for mosaic users */
printf("<HR>\n<A NAME=\"index\"> </A><H2>Index</H2>\n<DL>\n");
manidx[mip]=0;
- printf(manidx);
+ printf("%s", manidx);
if (subs) printf("</DL>\n");
printf("</DL>\n");
print_sig();
ltris.6
Description: Binary data
