From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]); by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id a2130c15; for ; Thu, 1 Jan 2015 13:12:15 -0500 (EST) Date: Thu, 1 Jan 2015 13:12:15 -0500 (EST) Message-Id: <13606321612955875006.enqueue@fantadrom.bsd.lv> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: schwarze@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Fix a read buffer overrun triggered by trailing \s- or trailing X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Fix a read buffer overrun triggered by trailing \s- or trailing \s+ without the required subsequent argument; found by jsg@ with afl. Modified Files: -------------- mdocml: mandoc.c Revision Data ------------- Index: mandoc.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/mandoc.c,v retrieving revision 1.89 retrieving revision 1.90 diff -Lmandoc.c -Lmandoc.c -u -p -r1.89 -r1.90 --- mandoc.c +++ mandoc.c @@ -1,7 +1,7 @@ /* $Id$ */ /* - * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons - * Copyright (c) 2011, 2012, 2013, 2014 Ingo Schwarze + * Copyright (c) 2008-2011, 2014 Kristaps Dzonsons + * Copyright (c) 2011-2015 Ingo Schwarze * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -225,7 +225,7 @@ mandoc_escape(const char **end, const ch /* See +/- counts as a sign. */ if ('+' == **end || '-' == **end || ASCII_HYPH == **end) - (*end)++; + *start = ++*end; switch (**end) { case '(': -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv