From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]); by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id 4bbfe7ec; for ; Sun, 28 Dec 2014 09:16:56 -0500 (EST) Date: Sun, 28 Dec 2014 09:16:56 -0500 (EST) Message-Id: <16489741838217958362.enqueue@fantadrom.bsd.lv> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: schwarze@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: improve previous: do the size check up front to avoid leaking X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- improve previous: do the size check up front to avoid leaking memory Modified Files: -------------- mdocml: roff.c Revision Data ------------- Index: roff.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/roff.c,v retrieving revision 1.245 retrieving revision 1.246 diff -Lroff.c -Lroff.c -u -p -r1.245 -r1.246 --- roff.c +++ roff.c @@ -651,6 +651,10 @@ roff_res(struct roff *r, struct buf *buf r->parse, ln, (int)(stesc - buf->buf), "%.*s", (int)naml, stnam); res = ""; + } else if (buf->sz + strlen(res) > SHRT_MAX) { + mandoc_msg(MANDOCERR_ROFFLOOP, r->parse, + ln, (int)(stesc - buf->buf), NULL); + return(ROFF_IGN); } /* Replace the escape sequence by the string. */ @@ -658,12 +662,6 @@ roff_res(struct roff *r, struct buf *buf *stesc = '\0'; buf->sz = mandoc_asprintf(&nbuf, "%s%s%s", buf->buf, res, cp) + 1; - - if (buf->sz > SHRT_MAX) { - mandoc_msg(MANDOCERR_ROFFLOOP, r->parse, - ln, (int)(stesc - buf->buf), NULL); - return(ROFF_IGN); - } /* Prepare for the next replacement. */ -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv