From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from krisdoz.my.domain (schwarze@localhost [127.0.0.1]) by krisdoz.my.domain (8.14.3/8.14.3) with ESMTP id p8INpV0B006492 for ; Sun, 18 Sep 2011 19:51:31 -0400 (EDT)
Received: (from schwarze@localhost) by krisdoz.my.domain (8.14.3/8.14.3/Submit) id p8INpVck032143; Sun, 18 Sep 2011 19:51:31 -0400 (EDT)
Date: Sun, 18 Sep 2011 19:51:31 -0400 (EDT)
Message-Id: <201109182351.p8INpVck032143@krisdoz.my.domain>
X-Mailinglist: mdocml-source
Reply-To: source@mdocml.bsd.lv
MIME-Version: 1.0
From: schwarze@mdocml.bsd.lv
To: source@mdocml.bsd.lv
Subject: mdocml: Fix another regression introduced in 1.11.7: If a string is
X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/
Content-Type: text/plain; charset=utf-8

Log Message:
-----------
Fix another regression introduced in 1.11.7:
If a string is defined in terms of itself, the REPARSE_LIMIT in read.c
used to break the cycle. This no longer works since all the work
is now done in the function roff_res(), looping indefinitely.
Make this loop finite by arbitrarily limiting the number of times one
string may be expanded; when that limit is reached, leave the remaining
string references unexpanded.

This changes behaviour compared to 1.11.5, where the whole line would
have been dropped. The new behaviour is better because it loses less
information. We don't want to imitate groff-1.20.1 behaviour anyway
because groff aborts parsing of the whole file.

ok kristaps@

Modified Files:
--------------
    mdocml:
        roff.c

Revision Data
-------------
Index: roff.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/roff.c,v
retrieving revision 1.169
retrieving revision 1.170
diff -Lroff.c -Lroff.c -u -p -r1.169 -r1.170
--- roff.c
+++ roff.c
@@ -31,6 +31,9 @@ /* Maximum number of nested if-else conditionals. */ #define RSTACK_MAX 128 +/* Maximum number of string expansions per line, to break infinite loops. */ +#define EXPAND_LIMIT 1000 + enum rofft { ROFF_ad, ROFF_am, @@ -437,10 +440,12 @@ roff_res(struct roff *r, char **bufp, si const char *stnam; /* start of the name, after "[(*" */ const char *cp; /* end of the name, e.g. before ']' */ const char *res; /* the string to be substituted */ - int i, maxl; + int i, maxl, expand_count; size_t nsz; char *n; + expand_count = 0; + again: cp = *bufp + pos; while (NULL != (cp = strchr(cp, '\\'))) { @@ -535,7 +540,13 @@ again: *bufp = n; *szp = nsz; - goto again; + + if (EXPAND_LIMIT >= ++expand_count) + goto again; + + /* Just leave the string unexpanded. */ + mandoc_msg(MANDOCERR_ROFFLOOP, r->parse, ln, pos, NULL); + return; } } -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
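Review bot: In the first hunk (@@ -31,6 +31,9 @@), EXPAND_LIMIT bounds only the number of expansions, not the size of the line, and the comment on the define does not say so. Each pass through the later hunk installs a fresh buffer (`*bufp = n; *szp = nsz;`), so a string whose value contains more than one reference to itself still terminates, but it can grow the buffer on every one of the 1000 permitted passes. Consider stating in the comment that the limit is a count per roff_res() call rather than a size bound, or additionally checking nsz against a ceiling before looping.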
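Review bot: In the third hunk (@@ -535,7 +540,13 @@), the test `EXPAND_LIMIT >= ++expand_count` is evaluated after `*bufp = n` has already installed the substituted buffer, so the function returns only once expansion number 1001 has been performed, one more than the "Maximum number" the new define documents. Use `EXPAND_LIMIT > ++expand_count` if 1000 is meant to be the hard maximum, or adjust the comment on the define. Separately, the mandoc_msg() call reports `pos`, which is the offset where roff_res() began scanning (`cp = *bufp + pos`), not the offset of the reference that hit the limit; passing the offset of the offending escape would make MANDOCERR_ROFFLOOP easier to act on for long input lines.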