From f2c51b35ab97b65737c2eb1581b62ac6373aae7b Mon Sep 17 00:00:00 2001
From: schwarze
Date: Wed, 24 Dec 2014 15:37:23 +0000
Subject: [PATCH] Prevent unsigned integer underflow when a number is too wide for a table cell with an "nz" layout specification, causing essentially infinite output as found by jsg@ with afl.
---
 regress/usr.bin/mandoc/tbl/Makefile | 16 +++++++++++---
 regress/usr.bin/mandoc/tbl/misalign.in | 16 ++++++++++++++
 regress/usr.bin/mandoc/tbl/misalign.out_ascii | 22 +++++++++++++++++++
 usr.bin/mandoc/tbl_term.c | 12 ++++++----
 4 files changed, 59 insertions(+), 7 deletions(-)
 create mode 100644 regress/usr.bin/mandoc/tbl/misalign.in
 create mode 100644 regress/usr.bin/mandoc/tbl/misalign.out_ascii
diff --git a/regress/usr.bin/mandoc/tbl/Makefile b/regress/usr.bin/mandoc/tbl/Makefile
index 95f1bb4f971..4213a0626ed 100644
--- a/regress/usr.bin/mandoc/tbl/Makefile
+++ b/regress/usr.bin/mandoc/tbl/Makefile
@@ -1,8 +1,18 @@
-# $OpenBSD: Makefile,v 1.5 2014/12/16 23:44:16 schwarze Exp $
+# $OpenBSD: Makefile,v 1.6 2014/12/24 15:37:23 schwarze Exp $
-REGRESS_TARGETS = center fonts macro nested numbers span vert
+REGRESS_TARGETS = center fonts macro misalign nested numbers span vert
 LINT_TARGETS = macro nested
-SKIP_GROFF = nested
+
+# groff-1.22.3 defect:
+# - When space is insufficient (on either side) for properly aligning
+# a number, GNU tbl(1) moves the number too much to the right,
+# overflowing the column, even if space would be sufficient without
+# left padding.
+
+# trivial difference to groff-1.22.3:
+# .TS in a table causes a blank table line in GNU tbl(1), but not in mandoc.
+
+SKIP_GROFF = misalign nested
 SKIP_TMAN ?= ALL
 TBL = /usr/local/bin/tbl
diff --git a/regress/usr.bin/mandoc/tbl/misalign.in b/regress/usr.bin/mandoc/tbl/misalign.in
new file mode 100644
index 00000000000..d7d3226240b
--- /dev/null
+++ b/regress/usr.bin/mandoc/tbl/misalign.in
@@ -0,0 +1,16 @@
+.TH TBL-MISALIGN 1 "December 24, 2014" OpenBSD
+.SH NAME
+tbl-misalign \- failing alignment in tables
+.SH DESCRIPTION
+normal text
+.TS
+box tab(:);
+n, nz.
+12.34
+_
+100.0
+0.001
+_
+1000.0
+0.0001
+.TE
diff --git a/regress/usr.bin/mandoc/tbl/misalign.out_ascii b/regress/usr.bin/mandoc/tbl/misalign.out_ascii
new file mode 100644
index 00000000000..324ee7e518c
--- /dev/null
+++ b/regress/usr.bin/mandoc/tbl/misalign.out_ascii
@@ -0,0 +1,22 @@
+TBL-MISALIGN(1) General Commands Manual TBL-MISALIGN(1)
+
+
+
+NNAAMMEE
+ tbl-misalign - failing alignment in tables
+
+DDEESSCCRRIIPPTTIIOONN
+ normal text
+
+ +------+
+ |12.34 |
+ +------+
+ |100.0 |
+ |0.001 |
+ +------+
+ |1000.0 |
+ |0.0001 |
+ +------+
+
+
+OpenBSD December 24, 2014 TBL-MISALIGN(1)
diff --git a/usr.bin/mandoc/tbl_term.c b/usr.bin/mandoc/tbl_term.c
index 0bc8a1cfcf3..c6c6d2b6f41 100644
--- a/usr.bin/mandoc/tbl_term.c
+++ b/usr.bin/mandoc/tbl_term.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tbl_term.c,v 1.19 2014/10/14 18:16:57 schwarze Exp $ */
+/* $OpenBSD: tbl_term.c,v 1.20 2014/12/24 15:37:23 schwarze Exp $ */
 /*
 * Copyright (c) 2009, 2011 Kristaps Dzonsons
 * Copyright (c) 2011, 2012, 2014 Ingo Schwarze
@@ -415,9 +415,13 @@ tbl_number(struct termp *tp, const struct tbl_opts *opts,
 } else
 d = sz + psz;
- padl = col->decimal - d;
-
- tbl_char(tp, ASCII_NBRSP, padl);
+ if (col->decimal > d && col->width > sz) {
+ padl = col->decimal - d;
+ if (padl + sz > col->width)
+ padl = col->width - sz;
+ tbl_char(tp, ASCII_NBRSP, padl);
+ } else
+ padl = 0;
 tbl_word(tp, dp);
 if (col->width > sz + padl)
 tbl_char(tp, ASCII_NBRSP, col->width - sz - padl);
--
2.20.1
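Review bot: The new guard in the `@@ -415,9 +415,13 @@` hunk of tbl_number() carries no comment saying why left padding is skipped or clamped, and the reason is not obvious from the arithmetic alone. The widths appear to be unsigned (the commit message speaks of unsigned underflow; the declarations are outside the hunk), so `col->decimal - d` or `col->width - sz` would wrap to a huge count when the number is wider than the cell. I would add above the `if`: `/* Pad left only if the number fits the cell; otherwise the unsigned subtraction wraps and tbl_char() prints a near-endless run of blanks. */`. Because the cell text comes from the input document, it is also worth confirming that the other pad computations in this file that subtract from `col->width` have the same precondition; they are not visible here. tbl_number() starts and ends outside the hunk.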