From 29079a11d063763a0a8ed318a738b88f64fd3d44 Mon Sep 17 00:00:00 2001
From: schwarze
Date: Sun, 22 Oct 2023 16:01:58 +0000
Subject: [PATCH] While doing delayed expansion of escape sequences in macro arguments, correctly check for failure of the in-place expansion function. If an argument not only does recursive delayed expansion but infinitely recursive delayed expansion, this bug could result in an ESCAPE_EXPAND assertion failure. Thanks to Eric van Gyzen for finding this bug by inspecting FreeBSD source code.
---
 usr.bin/mandoc/roff.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr.bin/mandoc/roff.c b/usr.bin/mandoc/roff.c
index 20aa69cfb96..4a2784ba87c 100644
--- a/usr.bin/mandoc/roff.c
+++ b/usr.bin/mandoc/roff.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roff.c,v 1.269 2023/10/21 17:10:12 schwarze Exp $ */
+/* $OpenBSD: roff.c,v 1.270 2023/10/22 16:01:58 schwarze Exp $ */
 /*
 * Copyright (c) 2010-2015, 2017-2022 Ingo Schwarze
 * Copyright (c) 2008-2012, 2014 Kristaps Dzonsons
@@ -1687,7 +1687,7 @@ roff_getarg(struct roff *r, char **cpp, int ln, int *pos)
 buf.buf = start;
 buf.sz = strlen(start) + 1;
 buf.next = NULL;
- if (roff_expand(r, &buf, ln, 0, '\\') & ROFF_IGN) {
+ if (roff_expand(r, &buf, ln, 0, '\\') == ROFF_IGN) {
 free(buf.buf);
 buf.buf = mandoc_strdup("");
 }
-- 
2.20.1
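Review bot: The corrected test `if (roff_expand(r, &buf, ln, 0, '\\') == ROFF_IGN) {` in the second hunk carries no comment saying why equality is required, so the old `& ROFF_IGN` form is easy to reintroduce by analogy with flag checks. ROFF_IGN's definition is outside this hunk; if it is a zero-valued return code rather than a flag bit, a mask against it can never be true, which would explain why the failure went undetected. A one-line comment above the test would pin this down, e.g. `/* ROFF_IGN is a return code, not a flag bit: compare, never mask. */`. Because the commit message describes an assertion failure reachable from document input and the diffstat shows only roff.c changing, a regression input covering infinitely recursive delayed expansion would be worth adding with the fix, unless one is committed separately. roff_getarg's body starts and ends outside the hunk.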