From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from krisdoz.my.domain (kristaps@localhost [127.0.0.1]) by krisdoz.my.domain (8.14.5/8.14.5) with ESMTP id s7I9BmF1008813 for ; Mon, 18 Aug 2014 05:11:48 -0400 (EDT) Received: (from kristaps@localhost) by krisdoz.my.domain (8.14.5/8.14.3/Submit) id s7I9BmfT017396; Mon, 18 Aug 2014 05:11:48 -0400 (EDT) Date: Mon, 18 Aug 2014 05:11:48 -0400 (EDT) Message-Id: <201408180911.s7I9BmfT017396@krisdoz.my.domain> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: kristaps@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Fix a corner case where \H (where is the \0 X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Fix a corner case where \H (where is the \0 character) would cause mandoc_escape() to read past the end of an allocated string. Found when a script scanning of all Mac OSX manual accidentally also scanned binary (gzip'd) files, discussed with schwarze@ on tech@. Modified Files: -------------- mdocml: mandoc.c Revision Data ------------- Index: mandoc.c =================================================================== RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mandoc.c,v retrieving revision 1.85 retrieving revision 1.86 diff -Lmandoc.c -Lmandoc.c -u -p -r1.85 -r1.86 --- mandoc.c +++ mandoc.c @@ -199,7 +199,8 @@ mandoc_escape(const char **end, const ch /* FALLTHROUGH */ case 'x': if (strchr(" %&()*+-./0123456789:<=>", **start)) { - ++*end; + if ('\0' != **start) + ++*end; return(ESCAPE_ERROR); } gly = ESCAPE_IGNORE; -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv