* mdocml: When a numerical condition errors out after consuming at least
@ 2014-12-16 1:22 schwarze
0 siblings, 0 replies; only message in thread
From: schwarze @ 2014-12-16 1:22 UTC (permalink / raw)
To: source
Log Message:
-----------
When a numerical condition errors out after consuming at least one
character of input, treat it as false, do not retry it as a string
comparison condition. This also fixes a read buffer overrun that
happened when the numerical condition advanced to the end of the
input line before erroring out, found by jsg@ with afl.
Modified Files:
--------------
mdocml:
roff.c
Revision Data
-------------
Index: roff.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/roff.c,v
retrieving revision 1.240
retrieving revision 1.241
diff -Lroff.c -Lroff.c -u -p -r1.240 -r1.241
--- roff.c
+++ roff.c
@@ -1249,7 +1249,7 @@ out:
static int
roff_evalcond(struct roff *r, int ln, const char *v, int *pos)
{
- int wanttrue, number;
+ int number, savepos, wanttrue;
if ('!' == v[*pos]) {
wanttrue = 0;
@@ -1282,10 +1282,13 @@ roff_evalcond(struct roff *r, int ln, co
break;
}
+ savepos = *pos;
if (roff_evalnum(r, ln, v, pos, &number, 0))
return((number > 0) == wanttrue);
- else
+ else if (*pos == savepos)
return(roff_evalstrcond(v, pos) == wanttrue);
+ else
+ return (0);
}
static enum rofferr
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-12-16 1:22 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-12-16 1:22 mdocml: When a numerical condition errors out after consuming at least schwarze
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).