From 4fcca957b9e3352fc6fcf2ff052fea22dc29f877 Mon Sep 17 00:00:00 2001
From: schwarze <schwarze@openbsd.org>
Date: Thu, 18 Dec 2014 17:43:07 +0000
Subject: [PATCH] Don't let the modulo operator divide by zero. Found by jsg@
 with afl.

---
 regress/usr.bin/mandoc/roff/nr/divzero.in        |  7 ++++---
 regress/usr.bin/mandoc/roff/nr/divzero.out_ascii |  4 ++--
 regress/usr.bin/mandoc/roff/nr/divzero.out_lint  |  1 +
 usr.bin/mandoc/roff.c                            | 10 ++++++++--
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/regress/usr.bin/mandoc/roff/nr/divzero.in b/regress/usr.bin/mandoc/roff/nr/divzero.in
index d8983f133fa..8f776bf3e79 100644
--- a/regress/usr.bin/mandoc/roff/nr/divzero.in
+++ b/regress/usr.bin/mandoc/roff/nr/divzero.in
@@ -1,7 +1,8 @@
-.TH NR-DIVZERO 1 "October 19, 2014" OpenBSD
+.TH NR-DIVZERO 1 "December 18, 2014" OpenBSD
 .SH NAME
 nr-divzero \- division by zero in numerical expression
 .SH DESCRIPTION
 initial text
-.nr result 1/0
-final \n[result] text
+.nr divresult 1/0
+.nr modresult 1%0
+final \n[divresult] \n[modresult] text
diff --git a/regress/usr.bin/mandoc/roff/nr/divzero.out_ascii b/regress/usr.bin/mandoc/roff/nr/divzero.out_ascii
index fe0cbbb5d93..26d93c26249 100644
--- a/regress/usr.bin/mandoc/roff/nr/divzero.out_ascii
+++ b/regress/usr.bin/mandoc/roff/nr/divzero.out_ascii
@@ -6,8 +6,8 @@ NNAAMMEE
        nr-divzero - division by zero in numerical expression
 
 DDEESSCCRRIIPPTTIIOONN
-       initial text final 0 text
+       initial text final 0 0 text
 
 
 
-OpenBSD                        October 19, 2014                  NR-DIVZERO(1)
+OpenBSD                        December 18, 2014                 NR-DIVZERO(1)
diff --git a/regress/usr.bin/mandoc/roff/nr/divzero.out_lint b/regress/usr.bin/mandoc/roff/nr/divzero.out_lint
index aa56502d79a..8177c0b8a1e 100644
--- a/regress/usr.bin/mandoc/roff/nr/divzero.out_lint
+++ b/regress/usr.bin/mandoc/roff/nr/divzero.out_lint
@@ -1 +1,2 @@
 mandoc: divzero.in:6:4: ERROR: divide by zero: 1/0
+mandoc: divzero.in:7:4: ERROR: divide by zero: 1%0
diff --git a/usr.bin/mandoc/roff.c b/usr.bin/mandoc/roff.c
index 10b566ab564..edd8b40798c 100644
--- a/usr.bin/mandoc/roff.c
+++ b/usr.bin/mandoc/roff.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: roff.c,v 1.115 2014/12/16 23:44:16 schwarze Exp $ */
+/*	$OpenBSD: roff.c,v 1.116 2014/12/18 17:43:07 schwarze Exp $ */
 /*
  * Copyright (c) 2010, 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010-2014 Ingo Schwarze <schwarze@openbsd.org>
@@ -1574,7 +1574,7 @@ roff_evalnum(struct roff *r, int ln, const char *v,
 			*res *= operand2;
 			break;
 		case '/':
-			if (0 == operand2) {
+			if (operand2 == 0) {
 				mandoc_msg(MANDOCERR_DIVZERO,
 					r->parse, ln, *pos, v);
 				*res = 0;
@@ -1583,6 +1583,12 @@ roff_evalnum(struct roff *r, int ln, const char *v,
 			*res /= operand2;
 			break;
 		case '%':
+			if (operand2 == 0) {
+				mandoc_msg(MANDOCERR_DIVZERO,
+					r->parse, ln, *pos, v);
+				*res = 0;
+				break;
+			}
 			*res %= operand2;
 			break;
 		case '<':
-- 
2.20.1