found 901636 1.14.5-1
thanks

Hi!

I think I hit this as well, but I've a minimal example to show for it:
-- >8 --
.Dd June  7, 2021
.Dt SLEEP 1
.Os
.EQ
Z = X + Y
.EN
-- >8 --

Running "mandoc -Tman" on this file produces some output until it
explodes on the .EQ directive (I think? an equivalent thing happens on
the unminimised version (attached)):
-- >8 --
.\" Automatically generated from an mdoc input file.  Do not edit.
.TH "SLEEP" "1" "June 7, 2021" "Debian" "General Commands Manual"
.nh
mandoc: mdoc_man.c:686: print_node: Assertion `n->tok >= MDOC_Dd && n->tok < MDOC_MAX' failed.
Aborted
-- >8 --

Happens on buster (1.14.4-1) and sid (1.14.5-1).

GDB has this to say about it:
-- >8 --
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0xf7e0c515 in __GI_abort () at abort.c:79
#2  0xf7e0c3fe in __assert_fail_base (fmt=<optimized out>, assertion=<optimized out>, file=<optimized out>, line=300,
    function=<optimized out>) at assert.c:92
#3  0xf7e1b1ff in __GI___assert_fail (assertion=assertion@entry=0x565a4c88 "tok >= MDOC_Dd && tok <= MDOC_MAX",
    file=file@entry=0x565a4bba "mdoc_man.c", line=line@entry=300,
    function=function@entry=0x565a4b88 <__PRETTY_FUNCTION__.2> "mdoc_man_act") at assert.c:101
#4  0x5657f29f in mdoc_man_act (tok=<optimized out>) at mdoc_man.c:300
#5  0x5657f4e8 in mdoc_man_act (tok=<optimized out>) at mdoc_man.c:689
#6  print_node (meta=meta@entry=0x565c6600, n=n@entry=0x565cc610) at mdoc_man.c:688
#7  0x56580a4a in man_mdoc (arg=<optimized out>, mdoc=mdoc@entry=0x565c6600) at mdoc_man.c:634
#8  0x5657d8cc in parse (curp=curp@entry=0xffffd450, fd=fd@entry=4, file=file@entry=0xffffd786 "../sleep.1-min")
    at main.c:859
#9  0x565613bf in main (argc=<optimized out>, argv=<optimized out>) at main.c:540

(gdb) up
#6  print_node (meta=meta@entry=0x565c6600, n=n@entry=0x565cc610) at mdoc_man.c:688
(gdb) p n
$2 = (struct roff_node *) 0x565cc610
(gdb) p *n
$3 = {parent = 0x565c6670, child = 0x0, last = 0x0, next = 0x0, prev = 0x565cc590, head = 0x0, body = 0x0, tail = 0x0,
  args = 0x0, norm = 0x0, string = 0x0, span = 0x0, eqn = 0x565cc670, line = 4, pos = 1, flags = 9, prev_font = 0,
  aux = 0, tok = TOKEN_NONE, type = ROFFT_EQN, sec = SEC_NONE, end = ENDBODY_NOT}
-- >8 --

n->tok is what's being passed to mdoc_man_act() which produces the
assertion, and TOKEN_NONE is just below MDOC_Md, according to roff.h:
-- >8 --
    ROFF_cblock,
    ROFF_RENAMED,
    ROFF_USERDEF,
    TOKEN_NONE,
    MDOC_Dd,
    MDOC_Dt,
    MDOC_Os,
-- >8 --

The entire document(?) seems to be
-- >8 --
(gdb) p mdoc->first
$14 = (struct roff_node *) 0x565c6670
(gdb) p *mdoc->first
$15 = {parent = 0x0, child = 0x565cc260, last = 0x565cc610, next = 0x0, prev = 0x0, head = 0x0, body = 0x0, tail = 0x0,
  args = 0x0, norm = 0x0, string = 0x0, span = 0x0, eqn = 0x0, line = 0, pos = 0, flags = 3, prev_font = 0, aux = 0,
  tok = TOKEN_NONE, type = ROFFT_ROOT, sec = SEC_NONE, end = ENDBODY_NOT}
(gdb) p *mdoc->first->child
$16 = {parent = 0x565c6670, child = 0x565cc2d0, last = 0x565cc3b0, next = 0x565cc430, prev = 0x0, head = 0x0,
  body = 0x0, tail = 0x0, args = 0x0, norm = 0x0, string = 0x0, span = 0x0, eqn = 0x0, line = 1, pos = 1, flags = 1035,
  prev_font = 0, aux = 0, tok = MDOC_Dd, type = ROFFT_ELEM, sec = SEC_NONE, end = ENDBODY_NOT}
(gdb) p *mdoc->first->child->next
$17 = {parent = 0x565c6670, child = 0x565cc4a0, last = 0x565cc510, next = 0x565cc590, prev = 0x565cc260, head = 0x0,
  body = 0x0, tail = 0x0, args = 0x0, norm = 0x0, string = 0x0, span = 0x0, eqn = 0x0, line = 2, pos = 1, flags = 1035,
  prev_font = 0, aux = 0, tok = MDOC_Dt, type = ROFFT_ELEM, sec = SEC_NONE, end = ENDBODY_NOT}
(gdb) p *mdoc->first->child->next->next
$18 = {parent = 0x565c6670, child = 0x0, last = 0x0, next = 0x565cc610, prev = 0x565cc430, head = 0x0, body = 0x0,
  tail = 0x0, args = 0x0, norm = 0x0, string = 0x0, span = 0x0, eqn = 0x0, line = 3, pos = 1, flags = 1035,
  prev_font = 0, aux = 0, tok = MDOC_Os, type = ROFFT_ELEM, sec = SEC_NONE, end = ENDBODY_NOT}
(gdb) p *mdoc->first->child->next->next->next
$19 = {parent = 0x565c6670, child = 0x0, last = 0x0, next = 0x0, prev = 0x565cc590, head = 0x0, body = 0x0, tail = 0x0,
  args = 0x0, norm = 0x0, string = 0x0, span = 0x0, eqn = 0x565cc670, line = 4, pos = 1, flags = 9, prev_font = 0,
  aux = 0, tok = TOKEN_NONE, type = ROFFT_EQN, sec = SEC_NONE, end = ENDBODY_NOT}
(gdb) p *mdoc->first->child->next->next->next->next
Cannot access memory at address 0x0
-- >8 --

Which is likely to be produced by roff.c#roff_EQ(), which seems to be
one of the very few spots where a TOKEN_NONE is actively produced,
and the only one where ROFFT_EQN is:
-- >8 --
static int
roff_EQ(ROFF_ARGS)
{
    struct roff_node    *n;

    if (r->man->meta.macroset == MACROSET_MAN)
        man_breakscope(r->man, ROFF_EQ);
    n = roff_node_alloc(r->man, ln, ppos, ROFFT_EQN, TOKEN_NONE);
    if (ln > r->man->last->line)
        n->flags |= NODE_LINE;
    n->eqn = eqn_box_new();
    roff_node_append(r->man, n);
    r->man->next = ROFF_NEXT_SIBLING;

    assert(r->eqn == NULL);
    if (r->last_eqn == NULL)
        r->last_eqn = eqn_alloc();
    else
        eqn_reset(r->last_eqn);
    r->eqn = r->last_eqn;
    r->eqn->node = n;

    if (buf->buf[pos] != '\0')
        mandoc_msg(MANDOCERR_ARG_SKIP, ln, pos,
            ".EQ %s", buf->buf + pos);

    return ROFF_IGN;
}
-- >8 --

I'm not sure what other token is better suited here (or, indeed, if at
all), but I think someone better-versed than me should stand a good chance?

Best,
наб
.\" SPDX-License-Identifier: 0BSD
.\"
.Dd June  7, 2021
.Dt SLEEP 1
.Os
.
.Sh NAME
.Nm sleep
.Nd do nothing, slowly
.Sh SYNOPSIS
.Nm
.Ar delay Ns Oo Sy smhdwy Oc Ns …
.
.Sh DESCRIPTION
Sleep for the the time(s) specified.
Each
.Ar delay
is a floating-point amount of seconds, optionally suffixed with one of the 
following cumulative multipliers:
.Bl -tag -compact -offset Ds -width "m(inutes)"
.It Sy s Ns Pq econds
.Sy 1
.It Sy m Ns Pq inutes
.Sy 60
.It Sy h Ns Pq hours
.Sy 60
.It Sy d Ns Pq ays
.Sy 24
.It Sy w Ns Pq eeks
.Sy 7
.It Sy y Ns Pq ears
.Sy 365.25 / 7
.El
.EQ
Z = X + Y
.EN
.
.Sh EXAMPLES
Wait a half-second:
.Dl Nm Ar 0.5
.Dl Nm Ar 1.388e-4 Ns Sy h
.Pp
Wait a year:
.Dl Nm Ar 1 Ns Sy y
.Dl Nm Ar 3.1e+7
.Pp
Wait infinitely, or until the heat death of the universe:
.Dl Nm Ar INF Ns Sy s
.Dl Nm Ar 10e+100y
.
.Sh SEE ALSO
.Xr nanosleep 2
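The failure mode described in the report, as an added example that is not part of the original message and is not mandoc code: a simplified model of a node walker that checks the node type and token range before indexing a per-macro table, so an EQN node carrying TOKEN_NONE is handled instead of aborting the process. The enum order follows the roff.h excerpt; the struct layout, the `acts` table, `visit_node` and `walk_minimal_example` are hypothetical.

```c
#include <stddef.h>
/* Constructed model; enum order mirrors the roff.h excerpt in the report. */
enum roff_tok { ROFF_cblock, ROFF_RENAMED, ROFF_USERDEF, TOKEN_NONE,
                MDOC_Dd, MDOC_Dt, MDOC_Os, MDOC_MAX };
enum roff_type { ROFFT_ROOT, ROFFT_ELEM, ROFFT_EQN };
enum visit { VISIT_MACRO, VISIT_EQN, VISIT_REJECTED };
struct node { enum roff_tok tok; enum roff_type type; struct node *next; };

/* Hypothetical per-macro table, indexed by tok - MDOC_Dd. */
static const char *const acts[MDOC_MAX - MDOC_Dd] = { "Dd", "Dt", "Os" };

/* The condition asserted at mdoc_man.c:686 in the report. */
static int tok_in_mdoc_range(enum roff_tok tok)
{
    return tok >= MDOC_Dd && tok < MDOC_MAX;
}

/* Dispatch on node type first; consult the table only after a range check. */
static enum visit visit_node(const struct node *n, const char **name)
{
    *name = NULL;
    if (n->type == ROFFT_EQN)
        return VISIT_EQN;       /* tok is TOKEN_NONE for these nodes */
    if (!tok_in_mdoc_range(n->tok))
        return VISIT_REJECTED;  /* caller reports an error, no abort() */
    *name = acts[n->tok - MDOC_Dd];
    return VISIT_MACRO;
}

/* Rebuild the sibling chain from the gdb dump (Dd, Dt, Os, EQN), walk it,
 * and return how many nodes fail the asserted range. */
static int walk_minimal_example(int *macros, int *eqns)
{
    struct node eq = { TOKEN_NONE, ROFFT_EQN, NULL };
    struct node os = { MDOC_Os, ROFFT_ELEM, &eq };
    struct node dt = { MDOC_Dt, ROFFT_ELEM, &os };
    struct node dd = { MDOC_Dd, ROFFT_ELEM, &dt };
    const char *name;
    int out_of_range = 0;
    *macros = *eqns = 0;
    for (const struct node *n = &dd; n != NULL; n = n->next) {
        out_of_range += !tok_in_mdoc_range(n->tok);
        enum visit v = visit_node(n, &name);
        *macros += (v == VISIT_MACRO);
        *eqns += (v == VISIT_EQN);
    }
    return out_of_range;
}

int main(void) { int m, e; return walk_minimal_example(&m, &e) == 1 ? 0 : 1; }
```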