
codedoc's Introduction

Codedoc v3.7


Codedoc is a general-purpose utility which scans HTML, markdown, C, and C++ source files to produce EPUB, HTML, and man page documentation that can be read by humans. Unlike popular C/C++ documentation generators like Doxygen or Javadoc, Codedoc uses in-line comments rather than comment headers, allowing for more "natural" code documentation. Additional markdown documentation content can be included to make the generated documentation even more useful and complete.

Codedoc was originally bundled with the Mini-XML library as the mxmldoc utility.

Building Codedoc

Codedoc comes with the usual configure script and makefile that will work on most Linux/UNIX systems and macOS. Prerequisites include ZLIB 1.1 or later and Mini-XML 4.x.

Run the following commands to build the software:

./configure
make

The default install prefix is /usr/local, which can be overridden using the --prefix option:

./configure --prefix=/some/other/directory
make

Installing Codedoc

To install the software, run:

sudo make install

Documentation

The codedoc man page provides documentation on how to use it. Further documentation can be found in the file "DOCUMENTATION.md" and the generated "codedoc.html" file.

Getting Help And Reporting Problems

The codedoc project page provides access to the GitHub issue tracking page:

https://www.msweet.org/codedoc

Legal Stuff

Copyright © 2003-2024 by Michael R Sweet

Codedoc is licensed under the Apache License Version 2.0. See the files "LICENSE" and "NOTICE" for more information.


codedoc's Issues

Change default CSS for inline code

The current default CSS for inline code puts it in a shaded, outlined box which disrupts the flow of the documentation. Just use monospaced text.

ASAN:DEADLYSIGNAL

./codedoc poc1

ASAN:DEADLYSIGNAL
=================================================================
==130545==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x562719a5afc5 bp 0x7ffe435142a0 sp 0x7ffe435141b0 T0)
==130545==The signal is caused by a READ memory access.
==130545==Hint: address points to the zero page.
    #0 0x562719a5afc4 in write_html_body /home/tianmai/workspace/codedoc(复件)/codedoc.c:6042
    #1 0x562719a5a4b9 in write_html /home/tianmai/workspace/codedoc(复件)/codedoc.c:5867
    #2 0x562719a48194 in main /home/tianmai/workspace/codedoc(复件)/codedoc.c:625
    #3 0x7ff114394c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #4 0x562719a465e9 in _start (/home/tianmai/workspace/codedoc(复件)/codedoc+0xe5e9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/tianmai/workspace/codedoc(复件)/codedoc.c:6042 in write_html_body
==130545==ABORTING
In file: /home/tianmai/workspace/codedoc(复件)/codedoc.c
   6037       else
   6038       {
   6039 	type   = mxmlFindElement(scut, scut, "type", NULL, NULL, MXML_DESCEND_FIRST);
   6040 	string = mxmlGetText(mxmlGetLastChild(type), NULL);
   6041 
 ► 6042         if (*string != '*')
   6043 	  putc(' ', out);
   6044 
   6045 	fprintf(out, "%s;\n", name);
   6046       }
   6047 

poc1.zip

outbound read in scan_file codedoc.c:2903

root@ubuntu:/home/tim/fuzz/codedoc# ./codedoc poc
poc.zip

ldd (Ubuntu GLIBC 2.27-3ubuntu1) 2.27
I think ch should be limited to one byte (char instead of int), or else it uses the alpha table in glibc, which may cause an out-of-bounds read in inlined glibc code.

asan output

==47845==ERROR: AddressSanitizer: SEGV on unknown address 0x7ffff6b201d4 (pc 0x55555556be17 bp 0x7fffffffde20 sp 0x7ffffffddcc0 T0)

==47845==The signal is caused by a READ memory access.
    #0 0x55555556be16 in scan_file /home/tim/codedoc-addr/codedoc.c:2903
    #1 0x555555566b56 in main /home/tim/codedoc-addr/codedoc.c:488
    #2 0x7ffff660eb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #3 0x5555555675e9 in _start (/home/tim/fuzz/codedoc/codedoc-addr+0x135e9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/tim/codedoc-addr/codedoc.c:2903 in scan_file
==47845==ABORTING

gdb output

[----------------------------------registers-----------------------------------]
RAX: 0x7ffff7fdd6d8 --> 0x7ffff7746cc0 --> 0x2000200020002 
RBX: 0x0 
RCX: 0x7ffff7746cc0 --> 0x2000200020002 
RDX: 0x1ca28a 
RSI: 0x555555771790 --> 0x8a8a8a8a8af7 
RDI: 0x5555557714e0 --> 0xfbad2488 
RBP: 0x0 
RSP: 0x7ffffffdde00 --> 0x0 
RIP: 0x55555555aab3 (<scan_file+3396>:	test   BYTE PTR [rcx+rdx*2],0x8)
R8 : 0x77 ('w')
R9 : 0x0 
R10: 0x555555771010 --> 0x100 
R11: 0x246 
R12: 0x1ca28a 
R13: 0x8 
R14: 0x0 
R15: 0x0
EFLAGS: 0x10207 (CARRY PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x55555555aaa8 <scan_file+3385>:	call   0x5555555571e0 <__ctype_b_loc@plt>
   0x55555555aaad <scan_file+3390>:	mov    rcx,QWORD PTR [rax]
   0x55555555aab0 <scan_file+3393>:	movsxd rdx,r12d
=> 0x55555555aab3 <scan_file+3396>:	test   BYTE PTR [rcx+rdx*2],0x8
   0x55555555aab7 <scan_file+3400>:	jne    0x55555555aad2 <scan_file+3427>
   0x55555555aab9 <scan_file+3402>:	cmp    r12d,0x5f
   0x55555555aabd <scan_file+3406>:	je     0x55555555aad2 <scan_file+3427>
   0x55555555aabf <scan_file+3408>:	cmp    r12d,0x2e
[------------------------------------stack-------------------------------------]
0000| 0x7ffffffdde00 --> 0x0 
0008| 0x7ffffffdde08 --> 0x555555771710 --> 0x0 
0016| 0x7ffffffdde10 --> 0x0 
0024| 0x7ffffffdde18 --> 0x0 
0032| 0x7ffffffdde20 --> 0x0 
0040| 0x7ffffffdde28 --> 0x5555557712f0 --> 0x0 
0048| 0x7ffffffdde30 --> 0x0 
0056| 0x7ffffffdde38 --> 0x7fffffffdf58 --> 0x7fffffffe3f1 --> 0x54554c4300636f70 ('poc')
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x000055555555aab3 in scan_file (file=<optimized out>, tree=<optimized out>) at codedoc.c:2903
2903		        if (isalnum(ch) || ch == '_' || ch == '.' || ch == ':' || ch == '~')
gdb-peda$ bt
#0  0x000055555555aab3 in scan_file (file=<optimized out>, tree=<optimized out>) at codedoc.c:2903
#1  0x00005555555577d6 in main (argc=argc@entry=0x2, argv=argv@entry=0x7fffffffe098) at codedoc.c:488
#2  0x00007ffff75c9b97 in __libc_start_main (main=0x555555557239 <main>, argc=0x2, argv=0x7fffffffe098, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe088) at ../csu/libc-start.c:310
#3  0x0000555555557dfa in _start ()
gdb-peda$ vmmap 
Start              End                Perm	Name
0x0000555555554000 0x000055555556e000 r-xp	/home/tim/fuzz/codedoc/codedoc
0x000055555576e000 0x0000555555770000 r--p	/home/tim/fuzz/codedoc/codedoc
0x0000555555770000 0x0000555555771000 rw-p	/home/tim/fuzz/codedoc/codedoc
0x0000555555771000 0x0000555555792000 rw-p	[heap]
0x00007ffff75a8000 0x00007ffff778f000 r-xp	/lib/x86_64-linux-gnu/libc-2.27.so
0x00007ffff778f000 0x00007ffff798f000 ---p	/lib/x86_64-linux-gnu/libc-2.27.so
0x00007ffff798f000 0x00007ffff7993000 r--p	/lib/x86_64-linux-gnu/libc-2.27.so
0x00007ffff7993000 0x00007ffff7995000 rw-p	/lib/x86_64-linux-gnu/libc-2.27.so
0x00007ffff7995000 0x00007ffff7999000 rw-p	mapped
0x00007ffff7999000 0x00007ffff79b3000 r-xp	/lib/x86_64-linux-gnu/libpthread-2.27.so
0x00007ffff79b3000 0x00007ffff7bb2000 ---p	/lib/x86_64-linux-gnu/libpthread-2.27.so
0x00007ffff7bb2000 0x00007ffff7bb3000 r--p	/lib/x86_64-linux-gnu/libpthread-2.27.so
0x00007ffff7bb3000 0x00007ffff7bb4000 rw-p	/lib/x86_64-linux-gnu/libpthread-2.27.so
0x00007ffff7bb4000 0x00007ffff7bb8000 rw-p	mapped
0x00007ffff7bb8000 0x00007ffff7bd4000 r-xp	/lib/x86_64-linux-gnu/libz.so.1.2.11
0x00007ffff7bd4000 0x00007ffff7dd3000 ---p	/lib/x86_64-linux-gnu/libz.so.1.2.11
0x00007ffff7dd3000 0x00007ffff7dd4000 r--p	/lib/x86_64-linux-gnu/libz.so.1.2.11
0x00007ffff7dd4000 0x00007ffff7dd5000 rw-p	/lib/x86_64-linux-gnu/libz.so.1.2.11
0x00007ffff7dd5000 0x00007ffff7dfc000 r-xp	/lib/x86_64-linux-gnu/ld-2.27.so
0x00007ffff7fdd000 0x00007ffff7fe2000 rw-p	mapped
0x00007ffff7ff7000 0x00007ffff7ffa000 r--p	[vvar]
0x00007ffff7ffa000 0x00007ffff7ffc000 r-xp	[vdso]
0x00007ffff7ffc000 0x00007ffff7ffd000 r--p	/lib/x86_64-linux-gnu/ld-2.27.so
0x00007ffff7ffd000 0x00007ffff7ffe000 rw-p	/lib/x86_64-linux-gnu/ld-2.27.so
0x00007ffff7ffe000 0x00007ffff7fff000 rw-p	mapped
0x00007ffffffdd000 0x00007ffffffff000 rw-p	[stack]
0xffffffffff600000 0xffffffffff601000 r-xp	[vsyscall]

namespace => no documentation generation.

Hi,
I observed that this code does not generate any documentation:

namespace {
// My comment
void theFunction()
}

but this one does:

// My comment
void theFunction()

I think codedoc does not handle C++ namespaces properly.

Support simple markdown in comments

Hello,
is there a way to write an indented multiline code block in a function description?
@code [...]@ does not allow line breaks in it and a possible workaround with multiple code snippets is not formatted right.

AddressSanitizer: heap-buffer-overflow

./codedoc poc225
version 3.7

=================================================================
==43141==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000012f at pc 0x55e9e1ae8aa6 bp 0x7ffefd45f8d0 sp 0x7ffefd45f8c0
READ of size 1 at 0x60200000012f thread T0
    #0 0x55e9e1ae8aa5 in highlight_c_string /home/tianmai/workspace/codedoc(复件)/codedoc.c:1742
    #1 0x55e9e1aea2ac in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2434
    #2 0x55e9e1aea60d in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2517
    #3 0x55e9e1af65f5 in write_html_body /home/tianmai/workspace/codedoc(复件)/codedoc.c:5919
    #4 0x55e9e1af64b9 in write_html /home/tianmai/workspace/codedoc(复件)/codedoc.c:5867
    #5 0x55e9e1ae4194 in main /home/tianmai/workspace/codedoc(复件)/codedoc.c:625
    #6 0x7f7850eb5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #7 0x55e9e1ae25e9 in _start (/home/tianmai/workspace/codedoc(复件)/codedoc+0xe5e9)

0x60200000012f is located 1 bytes to the left of 1-byte region [0x602000000130,0x602000000131)
allocated by thread T0 here:
    #0 0x7f7851726538 in strdup (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x77538)
    #1 0x55e9e1b024bc in mmd_add /home/tianmai/workspace/codedoc(复件)/mmd.c:1312
    #2 0x55e9e1afe436 in mmdLoadFile /home/tianmai/workspace/codedoc(复件)/mmd.c:660
    #3 0x55e9e1b0226c in mmdLoadString /home/tianmai/workspace/codedoc(复件)/mmd.c:1232
    #4 0x55e9e1aed7ec in scan_file /home/tianmai/workspace/codedoc(复件)/codedoc.c:3575
    #5 0x55e9e1ae3b8e in main /home/tianmai/workspace/codedoc(复件)/codedoc.c:531
    #6 0x7f7850eb5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/tianmai/workspace/codedoc(复件)/codedoc.c:1742 in highlight_c_string
Shadow bytes around the buggy address:
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 00 fa fa fa fd fd fa fa 06 fa fa fa 00 02
  0x0c047fff8010: fa fa fd fa fa fa 02 fa fa fa 06 fa fa fa 00 07
=>0x0c047fff8020: fa fa 00 07 fa[fa]01 fa fa fa 01 fa fa fa 01 fa
  0x0c047fff8030: fa fa 06 fa fa fa 05 fa fa fa 05 fa fa fa 03 fa
  0x0c047fff8040: fa fa 00 fa fa fa 04 fa fa fa 07 fa fa fa 00 fa
  0x0c047fff8050: fa fa 00 01 fa fa 00 01 fa fa 00 01 fa fa 04 fa
  0x0c047fff8060: fa fa 02 fa fa fa 02 fa fa fa 00 03 fa fa 00 02
  0x0c047fff8070: fa fa 00 fa fa fa 05 fa fa fa 07 fa fa fa 04 fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==43141==ABORTING

poc225.zip
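The report above is a one-byte read in front of a 1-byte heap region (the size strdup allocates for an empty string) inside the syntax highlighter. One common way such an underflow arises is a look-behind that checks the previous character (for example, whether a quote is backslash-escaped) without first checking that there is a previous character. The following is an added illustration of that pattern with the bound enforced; it is not codedoc's highlight_c_string, and the assumption that the report's read is a look-behind is mine, made only to show the defensive shape.

```c
#include <stddef.h>
#include <string.h>

/*
 * Whether the character at p is escaped by an odd run of backslashes before
 * it.  Every step backwards is bounded by 'start', so the function never
 * reads the byte in front of the string, which is the one-byte-left read
 * AddressSanitizer reported above.
 */
static int is_escaped(const char *start, const char *p)
{
  int backslashes = 0;

  while (p > start && p[-1] == '\\')
  {
    backslashes ++;
    p --;
  }
  return (backslashes & 1);
}

/*
 * Length of a C string literal starting at s[0] == '"', including both
 * quotes, or 0 if s does not start a literal or the literal is unterminated.
 * Looks backwards only through is_escaped(), so it is safe on "" (the
 * 1-byte region from the report) and on a lone '"'.
 */
static size_t string_literal_length(const char *s)
{
  const char *p;

  if (s[0] != '"')
    return (0);

  for (p = s + 1; *p; p ++)
  {
    if (*p == '"' && !is_escaped(s, p))
      return ((size_t)(p - s + 1));
  }
  return (0);
}
```

Run under AddressSanitizer with an empty string and a single-quote string as input, the unbounded form (`p[-1]` without the `p > start` test) reproduces the same class of report; the bounded form does not.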

ASAN:DEADLYSIGNAL

./codedoc poc24

ASAN:DEADLYSIGNAL
=================================================================
==112923==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x56156b088d08 bp 0x7fff113d0770 sp 0x7fff113d0750 T0)
==112923==The signal is caused by a READ memory access.
==112923==Hint: address points to the zero page.
    #0 0x56156b088d07 in markdown_anchor /home/tianmai/workspace/codedoc(复件)/codedoc.c:2282
    #1 0x56156b0894f2 in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2502
    #2 0x56156b08960d in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2517
    #3 0x56156b08960d in markdown_write_block /home/tianmai/workspace/codedoc(复件)/codedoc.c:2517
    #4 0x56156b0955f5 in write_html_body /home/tianmai/workspace/codedoc(复件)/codedoc.c:5919
    #5 0x56156b0954b9 in write_html /home/tianmai/workspace/codedoc(复件)/codedoc.c:5867
    #6 0x56156b083194 in main /home/tianmai/workspace/codedoc(复件)/codedoc.c:625
    #7 0x7f3c236b0c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #8 0x56156b0815e9 in _start (/home/tianmai/workspace/codedoc(复件)/codedoc+0xe5e9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/tianmai/workspace/codedoc(复件)/codedoc.c:2282 in markdown_anchor
==112923==ABORTING
In file: /home/tianmai/workspace/codedoc(复件)/codedoc.c
   2277 {
   2278   char          *bufptr;                /* Pointer into buffer */
   2279   static char   buffer[1024];           /* Buffer for anchor string */
   2280 
   2281 
 ► 2282   for (bufptr = buffer; *text && bufptr < (buffer + sizeof(buffer) - 1); text ++)
   2283   {
   2284     if ((*text >= '0' && *text <= '9') || (*text >= 'a' && *text <= 'z') || (*text >= 'A' && *text <= 'Z') || *text == '.' || *text == '-')
   2285       *bufptr++ = (char)tolower(*text);
   2286     else if (*text == ' ')
   2287       *bufptr++ = '-';

poc24.zip
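Both of the "address points to the zero page" reports on this page (write_html_body at line 6042, markdown_anchor at line 2282) are reads through a NULL string: mxmlGetText() returning NULL for a missing type element in one case, a NULL heading text in the other. The example below is an added, hardened rewrite of the anchor loop quoted in the report, not codedoc's own fix: it tolerates NULL input, takes a caller-supplied buffer instead of a static one, always NUL-terminates within the given size, and passes an unsigned char to tolower(). The small needs_space_before_name() helper shows the same NULL-tolerant shape for the write_html_body condition; both function names are mine.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/*
 * Build an HTML anchor id from heading text: keep [0-9a-zA-Z.-] lower-cased,
 * turn spaces into '-', drop everything else.  A NULL or empty text yields
 * "" rather than a crash, and the result is always terminated inside buf.
 * Returns buf, or NULL if no usable buffer was supplied.
 */
static char *make_anchor(const char *text, char *buf, size_t bufsize)
{
  char *bufptr = buf, *bufend;

  if (buf == NULL || bufsize == 0)
    return (NULL);

  bufend = buf + bufsize - 1;            /* leave room for the terminator */

  if (text != NULL)                      /* a missing heading is not fatal */
  {
    for (; *text && bufptr < bufend; text ++)
    {
      unsigned char c = (unsigned char)*text;   /* valid argument for tolower() */

      if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || c == '.' || c == '-')
        *bufptr++ = (char)tolower(c);
      else if (c == ' ')
        *bufptr++ = '-';
    }
  }

  *bufptr = '\0';
  return (buf);
}

/*
 * The condition from the write_html_body report, made NULL-tolerant: a
 * declaration whose type text is missing is treated as a non-pointer type,
 * so the caller prints a separating space instead of dereferencing NULL.
 */
static int needs_space_before_name(const char *type_text)
{
  return (type_text == NULL || *type_text != '*');
}
```

The buffer-size argument also removes the static 1024-byte buffer of the original loop, so the function is re-entrant and the truncation limit is visible at the call site.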

Add an option for static items and functions beginning with "__".

I love codedoc, I'm not a fan of giant software so codedoc is 102% my favorite documentation generator. The problem is that I want to document "hidden" functions and such. Like I can have the main API in the header files, but also document the support functions in the C files. Can you add an option to document "hidden" functions and such? I am busy writing a compiler, otherwise I would do it myself.

Thanks a lot btw, I love your mini-xml library too.

Fix function/variable parsing to allow comments in different places

Comments for functions do not function as expected. I can give examples on request, but here are the issues I came across testing codedoc with a small file with just a single function defined.

  1. If the return type is not void, there is a comment before the function, and there isn't a comment after the return type, the comment before the function becomes documentation for the return type and not for the function itself.
  2. A multi-line comment after the return type breaks the documentation for the function itself.
  3. Documentation comments for arguments only work if the parameter contains a comma after the parameter name.
  4. Man pages do not show return type and parameter documentation.

AddressSanitizer: attempting double-free

./codedoc poc188
version 3.7

==102826==ERROR: AddressSanitizer: attempting double-free on 0x6080000014a0 in thread T0:
    #0 0x7f8e1b7577a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x5567506d6cae in scan_file /home/tianmai/workspace/codedoc(复件)/codedoc.c:3668
    #2 0x5567506ccb8e in main /home/tianmai/workspace/codedoc(复件)/codedoc.c:531
    #3 0x7f8e1ae7fc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #4 0x5567506cb5e9 in _start (/home/tianmai/workspace/codedoc(复件)/codedoc+0xe5e9)

0x6080000014a0 is located 0 bytes inside of 88-byte region [0x6080000014a0,0x6080000014f8)
freed by thread T0 here:
    #0 0x7f8e1b7577a8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8)
    #1 0x7f8e1b4739e2 in mxmlDelete /home/tianmai/mxml-3.2/mxml-node.c:231

previously allocated by thread T0 here:
    #0 0x7f8e1b757d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
    #1 0x7f8e1b473664 in mxml_new /home/tianmai/mxml-3.2/mxml-node.c:841

SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7a8) in __interceptor_free
==102826==ABORTING

poc188.zip

stack-buffer-overflow in codedoc_strlcpy codedoc.c:144

root@ubuntu:/home/tim/fuzz/codedoc# ./codedoc poc2
poc2.zip

asan output

=================================================================
==29166==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffffffddc40 at pc 0x7ffff6e94d82 bp 0x7ffffffd9b70 sp 0x7ffffffd9318
WRITE of size 1 at 0x7ffffffddc40 thread T0
    #0 0x7ffff6e94d81 in __interceptor_memmove (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7ad81)
    #1 0x555555567c6e in memmove /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
    #2 0x555555567c6e in codedoc_strlcpy /home/tim/codedoc-addr/codedoc.c:144
    #3 0x555555567e8c in add_variable /home/tim/codedoc-addr/codedoc.c:860
    #4 0x55555556d103 in scan_file /home/tim/codedoc-addr/codedoc.c:3591
    #5 0x555555566b56 in main /home/tim/codedoc-addr/codedoc.c:488
    #6 0x7ffff660eb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #7 0x5555555675e9 in _start (/home/tim/fuzz/codedoc/codedoc-addr+0x135e9)

Address 0x7ffffffddc40 is located in stack of thread T0 at offset 16480 in frame
    #0 0x555555567cb0 in add_variable /home/tim/codedoc-addr/codedoc.c:810

  This frame has 2 object(s):
    [32, 36) 'whitespace'
    [96, 16480) 'buffer' <== Memory access at offset 16480 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7ad81) in __interceptor_memmove
Shadow bytes around the buggy address:
  0x10007fff3b30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10007fff3b80: 00 00 00 00 00 00 00 00[f3]f3 f3 f3 00 00 00 00
  0x10007fff3b90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3ba0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2
  0x10007fff3bb0: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10007fff3bd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29166==ABORTING

gdb output

*** stack smashing detected ***: <unknown> terminated

Program received signal SIGABRT, Aborted.

[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x7ffffffd9bd0 --> 0x0 
RCX: 0x7ffff75e6e97 (<__GI_raise+199>:	mov    rcx,QWORD PTR [rsp+0x108])
RDX: 0x0 
RSI: 0x7ffffffd9930 --> 0x0 
RDI: 0x2 
RBP: 0x7ffffffd9d60 --> 0x7ffff775e97e ("<unknown>")
RSP: 0x7ffffffd9930 --> 0x0 
RIP: 0x7ffff75e6e97 (<__GI_raise+199>:	mov    rcx,QWORD PTR [rsp+0x108])
R8 : 0x0 
R9 : 0x7ffffffd9930 --> 0x0 
R10: 0x8 
R11: 0x246 
R12: 0x7ffffffd9bd0 --> 0x0 
R13: 0x1000 
R14: 0x0 
R15: 0x30 ('0')
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff75e6e8b <__GI_raise+187>:	mov    edi,0x2
   0x7ffff75e6e90 <__GI_raise+192>:	mov    eax,0xe
   0x7ffff75e6e95 <__GI_raise+197>:	syscall 
=> 0x7ffff75e6e97 <__GI_raise+199>:	mov    rcx,QWORD PTR [rsp+0x108]
   0x7ffff75e6e9f <__GI_raise+207>:	xor    rcx,QWORD PTR fs:0x28
   0x7ffff75e6ea8 <__GI_raise+216>:	mov    eax,r8d
   0x7ffff75e6eab <__GI_raise+219>:	jne    0x7ffff75e6ecc <__GI_raise+252>
   0x7ffff75e6ead <__GI_raise+221>:	add    rsp,0x118
[------------------------------------stack-------------------------------------]
0000| 0x7ffffffd9930 --> 0x0 
0008| 0x7ffffffd9938 --> 0x0 
0016| 0x7ffffffd9940 --> 0x0 
0024| 0x7ffffffd9948 --> 0x0 
0032| 0x7ffffffd9950 --> 0x0 
0040| 0x7ffffffd9958 --> 0x0 
0048| 0x7ffffffd9960 --> 0x0 
0056| 0x7ffffffd9968 --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGABRT
__GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
gdb-peda$ bt
#0  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff75e8801 in __GI_abort () at abort.c:79
#2  0x00007ffff7631897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff775e988 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff76dccd1 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=0x0, msg=msg@entry=0x7ffff775e966 "stack smashing detected") at fortify_fail.c:33
#4  0x00007ffff76dcc92 in __stack_chk_fail () at stack_chk_fail.c:29
#5  0x0000555555558602 in add_variable (parent=<optimized out>, name=<optimized out>, type=<optimized out>) at codedoc.c:930
#6  0x000055555555b95e in scan_file (file=<optimized out>, tree=<optimized out>) at codedoc.c:3591
#7  0x00005555555577d6 in main (argc=argc@entry=0x2, argv=argv@entry=0x7fffffffe098) at codedoc.c:488
#8  0x00007ffff75c9b97 in __libc_start_main (main=0x555555557239 <main>, argc=0x2, argv=0x7fffffffe098, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe088) at ../csu/libc-start.c:310
#9  0x0000555555557dfa in _start ()
gdb-peda$ 
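The frame description in the report above is precise: 'buffer' occupies [96, 16480) of add_variable's frame, i.e. 16384 bytes, and the one-byte write lands at offset 16480, exactly one past its end, through a memmove inside codedoc_strlcpy. A bounded copy must never write dst[dstsize], whatever the source length. The following is an added example, not codedoc's codedoc_strlcpy: a strlcpy-style copy that holds that invariant, plus a self-check that reproduces the report's geometry (a 16384-byte buffer, a longer source) with a canary byte immediately after the buffer. The buffer in the check is static rather than on the stack only to keep the example's own frame small.

```c
#include <stddef.h>
#include <string.h>

/*
 * strlcpy-style bounded copy: copies at most dstsize-1 bytes of src into dst
 * and always NUL-terminates when dstsize > 0.  Returns strlen(src), so a
 * return value >= dstsize tells the caller the copy was truncated.  The
 * function never touches dst[dstsize] or beyond.
 */
static size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
  size_t srclen = strlen(src);

  if (dstsize > 0)
  {
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;

    memmove(dst, src, n);
    dst[n] = '\0';
  }
  return (srclen);
}

#define BUF_SIZE 16384                    /* size of 'buffer' in the report */

/*
 * Self-check modelled on the report: a BUF_SIZE buffer, one canary byte
 * right after it, and a source longer than the buffer.  Returns 1 if the
 * canary survived, the result is terminated inside the buffer and the
 * truncation was reported; 0 otherwise.
 */
static int canary_survives_long_copy(void)
{
  static char   frame[BUF_SIZE + 1];      /* buffer plus one canary byte */
  static char   src[BUF_SIZE + 100];      /* constructed oversize source */
  size_t        ret;

  memset(src, 'A', sizeof(src) - 1);
  src[sizeof(src) - 1] = '\0';
  frame[BUF_SIZE] = 0x5a;                 /* canary: must be untouched */

  ret = bounded_copy(frame, BUF_SIZE, src);

  return (frame[BUF_SIZE] == 0x5a &&      /* no write at dst[dstsize] */
          frame[BUF_SIZE - 1] == '\0' &&  /* terminated inside the buffer */
          strlen(frame) == BUF_SIZE - 1 &&
          ret == sizeof(src) - 1);        /* truncation visible to caller */
}
```

Compiling this check with -fsanitize=address and with -fstack-protector-strong gives the same two signals the reporter captured (the ASan stack-buffer-overflow and the glibc "stack smashing detected" abort) if the `dstsize - 1` bound is removed, and stays silent with it in place.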

outbound read in scan_file codedoc.c:3371

root@ubuntu:/home/tim/fuzz/codedoc# ./codedoc poc1
poc1.zip
This may have the same cause as #3 (comment).
asan output

ASAN:DEADLYSIGNAL
=================================================================
==117053==ERROR: AddressSanitizer: SEGV on unknown address 0x7ffff697d930 (pc 0x55555556c9da bp 0x7fffffffde20 sp 0x7ffffffddcc0 T0)
==117053==The signal is caused by a READ memory access.
    #0 0x55555556c9d9 in scan_file /home/tim/codedoc-addr/codedoc.c:3371
    #1 0x555555566b56 in main /home/tim/codedoc-addr/codedoc.c:488
    #2 0x7ffff660eb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #3 0x5555555675e9 in _start (/home/tim/fuzz/codedoc/codedoc-addr+0x135e9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/tim/codedoc-addr/codedoc.c:3371 in scan_file
==117053==ABORTING

gdb output

Program received signal SIGSEGV, Segmentation fault.

[----------------------------------registers-----------------------------------]
RAX: 0x7ffff7fdd6d8 --> 0x7ffff7746cc0 --> 0x2000200020002 
RBX: 0x5555557727a0 --> 0x0 
RCX: 0x7ffff7746cc0 --> 0x2000200020002 
RDX: 0xf8e38 
RSI: 0x57 ('W')
RDI: 0x5555557714e0 --> 0xfbad2488 
RBP: 0x0 
RSP: 0x7ffffffdde00 --> 0x0 
RIP: 0x55555555b30a (<scan_file+5531>:	test   BYTE PTR [rcx+rdx*2],0x8)
R8 : 0x5555557728a0 --> 0x4 
R9 : 0x0 
R10: 0x555555771010 --> 0x100 
R11: 0x0 
R12: 0xf8e38 
R13: 0x1 
R14: 0x6 
R15: 0x0
EFLAGS: 0x10207 (CARRY PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x55555555b2ff <scan_file+5520>:	call   0x5555555571e0 <__ctype_b_loc@plt>
   0x55555555b304 <scan_file+5525>:	mov    rcx,QWORD PTR [rax]
   0x55555555b307 <scan_file+5528>:	movsxd rdx,r12d
=> 0x55555555b30a <scan_file+5531>:	test   BYTE PTR [rcx+rdx*2],0x8
   0x55555555b30e <scan_file+5535>:	jne    0x55555555b361 <scan_file+5618>
   0x55555555b310 <scan_file+5537>:	mov    edx,r12d
   0x55555555b313 <scan_file+5540>:	and    edx,0xfffffffb
   0x55555555b316 <scan_file+5543>:	cmp    edx,0x5b
[------------------------------------stack-------------------------------------]
0000| 0x7ffffffdde00 --> 0x0 
0008| 0x7ffffffdde08 --> 0x555555771710 --> 0x0 
0016| 0x7ffffffdde10 --> 0x0 
0024| 0x7ffffffdde18 --> 0x0 
0032| 0x7ffffffdde20 --> 0x0 
0040| 0x7ffffffdde28 --> 0x5555557712f0 --> 0x0 
0048| 0x7ffffffdde30 --> 0x0 
0056| 0x7ffffffdde38 --> 0x7fffffffdf58 --> 0x7fffffffe3f0 --> 0x554c430031636f70 ('poc1')
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x000055555555b30a in scan_file (file=<optimized out>, tree=<optimized out>) at codedoc.c:3371
3371		  if (isalnum(ch) || ch == '_' || ch == '[' || ch == ']' ||
gdb-peda$ bt
#0  0x000055555555b30a in scan_file (file=<optimized out>, tree=<optimized out>) at codedoc.c:3371
#1  0x00005555555577d6 in main (argc=argc@entry=0x2, argv=argv@entry=0x7fffffffe098) at codedoc.c:488
#2  0x00007ffff75c9b97 in __libc_start_main (main=0x555555557239 <main>, argc=0x2, argv=0x7fffffffe098, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe088) at ../csu/libc-start.c:310
#3  0x0000555555557dfa in _start ()
gdb-peda$ vmmap 
Start              End                Perm	Name
0x0000555555554000 0x000055555556e000 r-xp	/home/tim/fuzz/codedoc/codedoc
0x000055555576e000 0x0000555555770000 r--p	/home/tim/fuzz/codedoc/codedoc
0x0000555555770000 0x0000555555771000 rw-p	/home/tim/fuzz/codedoc/codedoc
0x0000555555771000 0x0000555555792000 rw-p	[heap]
0x00007ffff75a8000 0x00007ffff778f000 r-xp	/lib/x86_64-linux-gnu/libc-2.27.so
0x00007ffff778f000 0x00007ffff798f000 ---p	/lib/x86_64-linux-gnu/libc-2.27.so
0x00007ffff798f000 0x00007ffff7993000 r--p	/lib/x86_64-linux-gnu/libc-2.27.so
0x00007ffff7993000 0x00007ffff7995000 rw-p	/lib/x86_64-linux-gnu/libc-2.27.so
0x00007ffff7995000 0x00007ffff7999000 rw-p	mapped
0x00007ffff7999000 0x00007ffff79b3000 r-xp	/lib/x86_64-linux-gnu/libpthread-2.27.so
0x00007ffff79b3000 0x00007ffff7bb2000 ---p	/lib/x86_64-linux-gnu/libpthread-2.27.so
0x00007ffff7bb2000 0x00007ffff7bb3000 r--p	/lib/x86_64-linux-gnu/libpthread-2.27.so
0x00007ffff7bb3000 0x00007ffff7bb4000 rw-p	/lib/x86_64-linux-gnu/libpthread-2.27.so
0x00007ffff7bb4000 0x00007ffff7bb8000 rw-p	mapped
0x00007ffff7bb8000 0x00007ffff7bd4000 r-xp	/lib/x86_64-linux-gnu/libz.so.1.2.11
0x00007ffff7bd4000 0x00007ffff7dd3000 ---p	/lib/x86_64-linux-gnu/libz.so.1.2.11
0x00007ffff7dd3000 0x00007ffff7dd4000 r--p	/lib/x86_64-linux-gnu/libz.so.1.2.11
0x00007ffff7dd4000 0x00007ffff7dd5000 rw-p	/lib/x86_64-linux-gnu/libz.so.1.2.11
0x00007ffff7dd5000 0x00007ffff7dfc000 r-xp	/lib/x86_64-linux-gnu/ld-2.27.so
0x00007ffff7fdd000 0x00007ffff7fe2000 rw-p	mapped
0x00007ffff7ff7000 0x00007ffff7ffa000 r--p	[vvar]
0x00007ffff7ffa000 0x00007ffff7ffc000 r-xp	[vdso]
0x00007ffff7ffc000 0x00007ffff7ffd000 r--p	/lib/x86_64-linux-gnu/ld-2.27.so
0x00007ffff7ffd000 0x00007ffff7ffe000 rw-p	/lib/x86_64-linux-gnu/ld-2.27.so
0x00007ffff7ffe000 0x00007ffff7fff000 rw-p	mapped
0x00007ffffffdd000 0x00007ffffffff000 rw-p	[stack]
0xffffffffff600000 0xffffffffff601000 r-xp	[vsyscall]
gdb-peda$ 
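The two scan_file reports on this page (line 2903 and line 3371) crash on the same instruction shape: `call __ctype_b_loc`, then `test BYTE PTR [rcx+rdx*2],0x8` with rdx loaded from an int (r12d = 0x1ca28a in the first dump). That is glibc's table-driven isalnum(), and the C standard only defines the <ctype.h> functions for EOF or values representable as unsigned char; any other int indexes past the table. The reporter's suggestion is to constrain ch to one byte. The example below is an added illustration of that fix, not codedoc's code: a range-checked wrapper, an identifier test in the spirit of the quoted conditions, and a tokenizer loop that reads bytes through unsigned char so that input bytes above 0x7f never become negative ints. The function names are mine.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Classification functions are only defined for EOF and 0..255.  glibc
 * implements isalnum() as a lookup indexed by the argument, so an int such
 * as 0x1ca28a (the index in the register dump above) reads far outside the
 * table.  Check the range first and never classify a non-character.
 */
static int safe_isalnum(int ch)
{
  if (ch == EOF)
    return (0);
  if (ch < 0 || ch > 255)
    return (0);                           /* not a character: no lookup */
  return (isalnum(ch) != 0);
}

/* Identifier-character test like the scan_file conditions in the reports,
 * built on the range-checked wrapper. */
static int is_ident_char(int ch)
{
  return (safe_isalnum(ch) || ch == '_' || ch == '.' || ch == ':' || ch == '~');
}

/* Scan an identifier the way a tokenizer should: each byte is widened
 * through unsigned char, so the value handed to is_ident_char() is always
 * in 0..255.  Returns the identifier length. */
static size_t scan_identifier(const char *s)
{
  size_t n = 0;

  while (s[n] && is_ident_char((unsigned char)s[n]))
    n ++;
  return (n);
}

int main(void)
{
  /* Constructed inputs: an ordinary identifier and the out-of-range int
     from the report. */
  printf("%zu\n", scan_identifier("foo_bar.baz(x)"));   /* 11 */
  printf("%d\n", is_ident_char(0x1ca28a));              /* 0, no table lookup */
  return (0);
}
```

Note that a bare `(unsigned char)` cast at the call site is not a substitute for the range check when the value is already a wild int: casting 0x1ca28a would silently classify byte 0x8a instead. Widen bytes at the point where they are read from the input, and reject anything else.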
