From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]); by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id c44f688b; for ; Mon, 15 Dec 2014 20:22:59 -0500 (EST) Date: Mon, 15 Dec 2014 20:22:59 -0500 (EST) Message-Id: <17479847059278176005.enqueue@fantadrom.bsd.lv> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: schwarze@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: When a numerical condition errors out after consuming at least X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- When a numerical condition errors out after consuming at least one character of input, treat it as false, do not retry it as a string comparison condition. This also fixes a read buffer overrun that happened when the numerical condition advanced to the end of the input line before erroring out, found by jsg@ with afl. Modified Files: -------------- mdocml: roff.c Revision Data ------------- Index: roff.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/roff.c,v retrieving revision 1.240 retrieving revision 1.241 diff -Lroff.c -Lroff.c -u -p -r1.240 -r1.241 --- roff.c +++ roff.c @@ -1249,7 +1249,7 @@ out: static int roff_evalcond(struct roff *r, int ln, const char *v, int *pos) { - int wanttrue, number; + int number, savepos, wanttrue; if ('!' == v[*pos]) { wanttrue = 0; @@ -1282,10 +1282,13 @@ roff_evalcond(struct roff *r, int ln, co break; } + savepos = *pos; if (roff_evalnum(r, ln, v, pos, &number, 0)) return((number > 0) == wanttrue); - else + else if (*pos == savepos) return(roff_evalstrcond(v, pos) == wanttrue); + else + return (0); } static enum rofferr -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
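Review bot: In the second hunk, the new final branch `else return (0);` returns false without consulting `wanttrue`, unlike the two branches above it, which both compare their result against `wanttrue`. A negated condition (the `'!' == v[*pos]` case at the top of `roff_evalcond`) that errors out part-way through numeric parsing therefore also evaluates to false. If that is the intent, as the log message's "treat it as false" suggests, a short comment above `savepos = *pos;` should say that a partially consumed numeric expression makes the whole condition false regardless of negation, so that nobody later changes it to `return(0 == wanttrue);`. The same comment should record that the `*pos == savepos` test is what keeps `roff_evalstrcond(v, pos)` from being entered after `roff_evalnum` has already advanced `*pos` to the end of the input line, which is the overrun the log message describes. Style: `return (0);` has a space after `return` where the neighbouring lines in this hunk use `return(`.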