From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from krisdoz.my.domain (schwarze@localhost [127.0.0.1]) by krisdoz.my.domain (8.14.3/8.14.3) with ESMTP id oBAKwuKc011911 for ; Fri, 10 Dec 2010 15:58:57 -0500 (EST) Received: (from schwarze@localhost) by krisdoz.my.domain (8.14.3/8.14.3/Submit) id oBAKwutg032427; Fri, 10 Dec 2010 15:58:56 -0500 (EST) Date: Fri, 10 Dec 2010 15:58:56 -0500 (EST) Message-Id: <201012102058.oBAKwutg032427@krisdoz.my.domain> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: schwarze@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Abort endless loops during roff macro and string expansion. X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Abort endless loops during roff macro and string expansion. For now, use the simplest conceivable approach, like groff does: Just a fixed, ugly input stack limit. "check it in" kristaps@ Modified Files: -------------- mdocml: main.c mandoc.h roff.7 Revision Data ------------- Index: roff.7 =================================================================== RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/roff.7,v retrieving revision 1.15 retrieving revision 1.16 diff -Lroff.7 -Lroff.7 -u -p -r1.15 -r1.16 --- roff.7 +++ roff.7 @@ -196,6 +196,12 @@ string interpolation syntax described be .Sx ds , but this is rarely useful because every macro definition contains at least one explicit newline character. +.Pp +In order to prevent endless recursion, both groff and +.Xr mandoc 1 +limit the stack depth for expanding macros and strings +to a large, but finite number. +Do not rely on the exact value of this limit. .Ss \&dei Define a user-defined .Nm Index: mandoc.h =================================================================== RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mandoc.h,v retrieving revision 1.32 retrieving revision 1.33 diff -Lmandoc.h -Lmandoc.h -u -p -r1.32 -r1.33 --- mandoc.h +++ mandoc.h @@ -101,6 +101,7 @@ enum mandocerr { MANDOCERR_ERROR, /* ===== start of errors ===== */ + MANDOCERR_ROFFLOOP, /* input stack limit exceeded, infinite loop? */ MANDOCERR_BADCHAR, /* skipping bad character */ MANDOCERR_NOTEXT, /* skipping text before the first section header */ MANDOCERR_MACRO, /* skipping unknown macro */ Index: main.c =================================================================== RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/main.c,v retrieving revision 1.121 retrieving revision 1.122 diff -Lmain.c -Lmain.c -u -p -r1.121 -r1.122 --- main.c +++ main.c @@ -41,6 +41,7 @@ #define MAP_FILE 0 #endif +#define REPARSE_LIMIT 1000 #define UNCONST(a) ((void *)(uintptr_t)(const void *)(a)) /* FIXME: Intel's compiler? LLVM? pcc? */ @@ -89,6 +90,7 @@ struct curparse { struct mdoc *mdoc; /* mdoc parser */ struct roff *roff; /* roff parser (!NULL) */ struct regset regs; /* roff registers */ + int reparse_count; /* finite interpolation stack */ enum outt outtype; /* which output to use */ out_mdoc outmdoc; /* mdoc output ptr */ out_man outman; /* man output ptr */ @@ -177,6 +179,7 @@ static const char * const mandocerrs[MAN "generic error", + "input stack limit exceeded, infinite loop?", "skipping bad character", "skipping text before the first section header", "skipping unknown macro", @@ -665,8 +668,10 @@ parsebuf(struct curparse *curp, struct b if (0 == pos && '\0' == blk.buf[i]) break; - if (start) + if (start) { curp->line = lnn; + curp->reparse_count = 0; + } while (i < (int)blk.sz && (start || '\0' != blk.buf[i])) { if ('\n' == blk.buf[i]) { @@ -765,7 +770,11 @@ rerun: switch (rr) { case (ROFF_REPARSE): - parsebuf(curp, ln, 0); + if (REPARSE_LIMIT >= ++curp->reparse_count) + parsebuf(curp, ln, 0); + else + mmsg(MANDOCERR_ROFFLOOP, curp, + curp->line, pos, NULL); pos = 0; continue; case (ROFF_APPEND): -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv