When parsing a macro argument results in delayed escape sequence

expansion, re-check for all contained escape sequences whether they
need delayed expansion, not just for the particular escape sequences
that triggered delayed expansion in the first place.  This is needed
because delayed expansion can result in strings containing nested
escape sequences recursively needing delayed expansion, too.

This fixes an assertion failure in krb5_openlog(3), see:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266882

Thanks to Wolfram Schneider <wosch at FreeBSD> for reporting the bug
and to Baptiste Daroussin <bapt at FreeBSD> for forwarding the report.

diff --git a/usr.bin/mandoc/mandoc.h b/usr.bin/mandoc/mandoc.h
index c1dc912..16493d2 100644 (file)
--- a/usr.bin/mandoc/mandoc.h
+++ b/usr.bin/mandoc/mandoc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: mandoc.h,v 1.223 2022/08/16 17:29:18 schwarze Exp $ */
+/* $OpenBSD: mandoc.h,v 1.224 2023/10/21 17:10:12 schwarze Exp $ */
 /*
  * Copyright (c) 2012-2022 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2010, 2011, 2014 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -23,7 +23,6 @@
 #define ASCII_NBRZW     30  /* non-breaking zero-width space */
 #define ASCII_BREAK     29  /* breakable zero-width space */
 #define ASCII_HYPH      28  /* breakable hyphen */
-#define ASCII_ESC       27  /* escape sequence from copy-in processing */
 #define ASCII_TABREF    26  /* reset tab reference position */
 
 /*

diff --git a/usr.bin/mandoc/roff.c b/usr.bin/mandoc/roff.c
index f5247b6..20aa69c 100644 (file)
--- a/usr.bin/mandoc/roff.c
+++ b/usr.bin/mandoc/roff.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roff.c,v 1.268 2022/12/26 19:16:02 jmc Exp $ */
+/* $OpenBSD: roff.c,v 1.269 2023/10/21 17:10:12 schwarze Exp $ */
 /*
  * Copyright (c) 2010-2015, 2017-2022 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2008-2012, 2014 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -1385,7 +1385,7 @@ roff_expand(struct roff *r, struct buf *buf, int ln, int pos, char ec)
                 */
 
                if (buf->buf[pos] != ec) {
-                       if (ec != ASCII_ESC && buf->buf[pos] == '\\') {
+                       if (buf->buf[pos] == '\\') {
                                roff_expand_patch(buf, pos, "\\e", pos + 1);
                                pos++;
                        }
@@ -1630,12 +1630,7 @@ roff_getarg(struct roff *r, char **cpp, int ln, int *pos)
                                cp++;
                                break;
                        case '\\':
-                               /*
-                                * Signal to roff_expand() that an escape
-                                * sequence resulted from copy-in processing
-                                * and needs to be checked or interpolated.
-                                */
-                               cp[-pairs] = ASCII_ESC;
+                               cp[-pairs] = '\\';
                                newesc = 1;
                                pairs++;
                                cp++;
@@ -1692,7 +1687,7 @@ roff_getarg(struct roff *r, char **cpp, int ln, int *pos)
        buf.buf = start;
        buf.sz = strlen(start) + 1;
        buf.next = NULL;
-       if (roff_expand(r, &buf, ln, 0, ASCII_ESC) & ROFF_IGN) {
+       if (roff_expand(r, &buf, ln, 0, '\\') & ROFF_IGN) {
                free(buf.buf);
                buf.buf = mandoc_strdup("");
        }