artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 39a71cb)
Fix a read buffer overrun triggered by trailing \s- or trailing \s+
authorschwarze <schwarze@openbsd.org>
Thu, 1 Jan 2015 18:10:09 +0000 (18:10 +0000)
committerschwarze <schwarze@openbsd.org>
Thu, 1 Jan 2015 18:10:09 +0000 (18:10 +0000)
without the required subsequent argument; found by jsg@ with afl.

regress/usr.bin/mandoc/roff/esc/Makefile patch | blob | history
regress/usr.bin/mandoc/roff/esc/ignore.in patch | blob | history
regress/usr.bin/mandoc/roff/esc/ignore.out_ascii patch | blob | history
regress/usr.bin/mandoc/roff/esc/ignore.out_lint [new file with mode: 0644] patch | blob
usr.bin/mandoc/mandoc.c patch | blob | history

diff --git a/regress/usr.bin/mandoc/roff/esc/Makefile b/regress/usr.bin/mandoc/roff/esc/Makefile
index 5327ae0..92db491 100644 (file)
--- a/regress/usr.bin/mandoc/roff/esc/Makefile
+++ b/regress/usr.bin/mandoc/roff/esc/Makefile
@@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.8 2014/12/03 01:06:22 schwarze Exp $
+# $OpenBSD: Makefile,v 1.9 2015/01/01 18:10:09 schwarze Exp $
 
 REGRESS_TARGETS = one two multi B c c_man e f h w z ignore
-LINT_TARGETS   = B h w
+LINT_TARGETS   = B h w ignore
 
 # Postprocessing to remove "character backspace" sequences
 # unless they are followed by the same character again.
diff --git a/regress/usr.bin/mandoc/roff/esc/ignore.in b/regress/usr.bin/mandoc/roff/esc/ignore.in
index a7350b8..4be7fb6 100644 (file)
--- a/regress/usr.bin/mandoc/roff/esc/ignore.in
+++ b/regress/usr.bin/mandoc/roff/esc/ignore.in
@@ -1,4 +1,4 @@
-.Dd May 28, 2012
+.Dd January 1, 2015
 .Dt ESC-IGNORE 1
 .Os OpenBSD
 .Sh NAME
@@ -10,3 +10,5 @@ multiform: a\kxb\k(xyc\k[xyz]d
 quoted: a\R'myreg 0'b\R'myreg \A'y'0'c
 .br
 sizes: a\s0b\s(12c\s[123]d\s'123'e\s'1\w'xy'2'f
+.br
+signed sizes: a\s-0b\s-(12c\s-[123]d\s-'123'e\s-'1\w'xy'2'f\s-
diff --git a/regress/usr.bin/mandoc/roff/esc/ignore.out_ascii b/regress/usr.bin/mandoc/roff/esc/ignore.out_ascii
index f147aa3..5e41d49 100644 (file)
--- a/regress/usr.bin/mandoc/roff/esc/ignore.out_ascii
+++ b/regress/usr.bin/mandoc/roff/esc/ignore.out_ascii
@@ -7,5 +7,6 @@ D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
      multiform: abcd
      quoted: abc
      sizes: abcdef
+     signed sizes: abcdef
 
-OpenBSD                          May 28, 2012                          OpenBSD
+OpenBSD                         January 1, 2015                        OpenBSD
diff --git a/regress/usr.bin/mandoc/roff/esc/ignore.out_lint b/regress/usr.bin/mandoc/roff/esc/ignore.out_lint
new file mode 100644 (file)
index 0000000..c163d60
--- /dev/null
+++ b/regress/usr.bin/mandoc/roff/esc/ignore.out_lint
@@ -0,0 +1 @@
+mandoc: ignore.in:14:60: WARNING: invalid escape sequence: \s-
diff --git a/usr.bin/mandoc/mandoc.c b/usr.bin/mandoc/mandoc.c
index 16c4f02..362edb9 100644 (file)
--- a/usr.bin/mandoc/mandoc.c
+++ b/usr.bin/mandoc/mandoc.c
@@ -1,7 +1,7 @@
-/*     $OpenBSD: mandoc.c,v 1.57 2014/12/15 17:29:58 schwarze Exp $ */
+/*     $OpenBSD: mandoc.c,v 1.58 2015/01/01 18:10:09 schwarze Exp $ */
 /*
- * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
- * Copyright (c) 2011, 2012, 2013, 2014 Ingo Schwarze <schwarze@openbsd.org>
+ * Copyright (c) 2008-2011, 2014 Kristaps Dzonsons <kristaps@bsd.lv>
+ * Copyright (c) 2011-2015 Ingo Schwarze <schwarze@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -223,7 +223,7 @@ mandoc_escape(const char **end, const char **start, int *sz)
 
                /* See +/- counts as a sign. */
                if ('+' == **end || '-' == **end || ASCII_HYPH == **end)
-                       (*end)++;
+                       *start = ++*end;
 
                switch (**end) {
                case '(':
OpenBSD src
by Ahmet Artu Yildirim