DWB 2.0 ditroff bug
Bill "Bill" Tuthill
tut%cairo at Sun.COM
Tue Jan 31 13:52:15 AEST 1989
The ditroff (aka troff) in Documenter's WorkBench 2.0 core dumps
when a break and some text follow a \D draw command. For example,
this input causes a core dump:
\D'c 1i'
.br
a
Here is a fix, courtesy of Henry McGilton. The core dump is caused
by an attempt to store a value in a negative (out-of-bounds) array
location. The core dump actually occurs in the getcw() function,
although the bug is in the ptout0() function. Note that only two
lines need to be added; lines marked ! are just indented further.
*** 302,313 ****
if (k < 040 && k != DRAWFCN)
return(outsize);
! if (widcache[k-32].fontpts == (xfont<<8) + xpts && !setwdf) {
! w = widcache[k-32].width;
! bd = 0;
! cs = 0;
! } else
! w = getcw(k-32);
j = z = 0;
if (k != DRAWFCN) {
--- 304,317 ----
if (k < 040 && k != DRAWFCN)
return(outsize);
+ if (k >= 32) {
! if (widcache[k-32].fontpts == (xfont<<8) + xpts && !setwdf) {
! w = widcache[k-32].width;
! bd = 0;
! cs = 0;
! } else
! w = getcw(k-32);
+ }
j = z = 0;
if (k != DRAWFCN) {
The ditroff in DWB 1.0 has the same bug, but does not core dump
with the input given above because it tests, but does not store a
value in, the out-of-bounds array location.
Bill Tuthill
More information about the Comp.bugs.sys5
mailing list