source@mandoc.bsd.lv
From: schwarze@mandoc.bsd.lv
To: source@mandoc.bsd.lv
Subject: mandoc: If a .shift request has a negative argument, do not use a
Date: Sun, 24 Apr 2022 08:39:19 -0500 (EST)
Message-ID: <336513f2c1872280@mandoc.bsd.lv>

Log Message:
-----------
If a .shift request has a negative argument, do not use a negative array 
index but use 0 instead of the argument, just like groff.
Warn about the invalid argument.
While here, fix the column number in another warning message.

Segfault reported by tb@, found with afl(1).

Modified Files:
--------------
    mandoc:
        mandoc.1
        mandoc.h
        mandoc_msg.c
        roff.c
    mandoc/regress/roff/shift:
        bad.in
        bad.out_ascii
        bad.out_lint

Revision Data
-------------
Index: mandoc_msg.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mandoc_msg.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -Lmandoc_msg.c -Lmandoc_msg.c -u -p -r1.16 -r1.17
--- mandoc_msg.c
+++ mandoc_msg.c
@@ -1,6 +1,6 @@
 /* $OpenBSD: mandoc_msg.c,v 1.8 2020/01/19 17:59:01 schwarze Exp $ */
 /*
- * Copyright (c) 2014-2021 Ingo Schwarze <schwarze@openbsd.org>
+ * Copyright (c) 2014-2022 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -216,6 +216,7 @@ static	const char *const type_message[MA
 	"escaped character not allowed in a name",
 	"using macro argument outside macro",
 	"argument number is not numeric",
+	"negative argument, using 0",
 	"NOT IMPLEMENTED: Bd -file",
 	"skipping display without arguments",
 	"missing list type, using -item",
Index: mandoc.h
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mandoc.h,v
retrieving revision 1.274
retrieving revision 1.275
diff -Lmandoc.h -Lmandoc.h -u -p -r1.274 -r1.275
--- mandoc.h
+++ mandoc.h
@@ -1,6 +1,6 @@
 /* $Id$ */
 /*
- * Copyright (c) 2012-2021 Ingo Schwarze <schwarze@openbsd.org>
+ * Copyright (c) 2012-2022 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2010, 2011, 2014 Kristaps Dzonsons <kristaps@bsd.lv>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -215,6 +215,7 @@ enum	mandocerr {
 	MANDOCERR_NAMESC, /* escaped character not allowed in a name: name */
 	MANDOCERR_ARG_UNDEF, /* using macro argument outside macro */
 	MANDOCERR_ARG_NONUM, /* argument number is not numeric */
+	MANDOCERR_ARG_NEG, /* negative argument, using 0: request arg */
 	MANDOCERR_BD_FILE, /* NOT IMPLEMENTED: Bd -file */
 	MANDOCERR_BD_NOARG, /* skipping display without arguments: Bd */
 	MANDOCERR_BL_NOTYPE, /* missing list type, using -item: Bl */
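Review bot: MANDOCERR_ARG_NEG is inserted mid-enum, so it is only correct while the string added to type_message[] in mandoc_msg.c sits at the same position. Both are placed directly after the "argument number is not numeric" entry in this commit, so they line up, but it is worth confirming that no other table indexed by enum mandocerr needs a matching entry. The comment's "request arg" format agrees with the "shift %d" argument passed in roff.c.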
Index: mandoc.1
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mandoc.1,v
retrieving revision 1.256
retrieving revision 1.257
diff -Lmandoc.1 -Lmandoc.1 -u -p -r1.256 -r1.257
--- mandoc.1
+++ mandoc.1
@@ -1,6 +1,6 @@
 .\" $Id$
 .\"
-.\" Copyright (c) 2012, 2014-2021 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2012, 2014-2022 Ingo Schwarze <schwarze@openbsd.org>
 .\" Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -2082,6 +2082,13 @@ and expands to the empty string.
 .Pq roff
 The argument of the escape sequence \e$ is not a digit;
 the escape sequence expands to the empty string.
+.It Sy "negative argument, using 0"
+.Pq roff
+A
+.Ic \&shift
+request has a negative argument
+or an argument that is negative due to integer overflow.
+Macro argument numbering remains unchanged.
 .It Sy "NOT IMPLEMENTED: Bd -file"
 .Pq mdoc
 For security reasons, the
Index: roff.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/roff.c,v
retrieving revision 1.381
retrieving revision 1.382
diff -Lroff.c -Lroff.c -u -p -r1.381 -r1.382
--- roff.c
+++ roff.c
@@ -3870,8 +3870,9 @@ static int
 roff_shift(ROFF_ARGS)
 {
 	struct mctx	*ctx;
-	int		 levels, i;
+	int		 argpos, levels, i;
 
+	argpos = pos;
 	levels = 1;
 	if (buf->buf[pos] != '\0' &&
 	    roff_evalnum(r, ln, buf->buf, &pos, &levels, 0) == 0) {
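Review bot: the new `argpos = pos;` assignment has no comment, and its purpose only becomes clear in the following hunk. A short note at the assignment would help: roff_evalnum() receives `&pos` and moves it while parsing, so `argpos` preserves the column where the argument starts for the later mandoc_msg() calls.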
@@ -3886,8 +3887,12 @@ roff_shift(ROFF_ARGS)
 	ctx = r->mstack + r->mstackpos;
 	if (levels > ctx->argc) {
 		mandoc_msg(MANDOCERR_SHIFT,
-		    ln, pos, "%d, but max is %d", levels, ctx->argc);
+		    ln, argpos, "%d, but max is %d", levels, ctx->argc);
 		levels = ctx->argc;
+	}
+	if (levels < 0) {
+		mandoc_msg(MANDOCERR_ARG_NEG, ln, argpos, "shift %d", levels);
+		levels = 0;
 	}
 	if (levels == 0)
 		return ROFF_IGN;
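Review bot: in the new `if (levels < 0)` branch the message is formatted from the evaluated value ("shift %d", levels), so in the integer-overflow case that the mandoc.1 hunk documents, the number printed will not be the one written in the input file. Since `argpos` still points at the offending argument that is probably acceptable, but a one-line comment saying so would save the next reader a moment. The `levels > ctx->argc` and `levels < 0` checks are mutually exclusive and could be chained with `else if`. A brief comment that `levels` must be non-negative because it is later used as an array index, as the log message states, would make the reason for the clamp visible in the code.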
Index: bad.out_lint
===================================================================
RCS file: /home/cvs/mandoc/mandoc/regress/roff/shift/bad.out_lint,v
retrieving revision 1.1
retrieving revision 1.2
diff -Lregress/roff/shift/bad.out_lint -Lregress/roff/shift/bad.out_lint -u -p -r1.1 -r1.2
--- regress/roff/shift/bad.out_lint
+++ regress/roff/shift/bad.out_lint
@@ -3,5 +3,6 @@ mandoc: bad.in:15:2: ERROR: ignoring req
 mandoc: bad.in:17:31: ERROR: argument number is not numeric: \$x
 mandoc: bad.in:19:28: ERROR: using macro argument outside macro: \$1
 mandoc: bad.in:20:2: ERROR: ignoring request outside macro: shift
-mandoc: bad.in:28:8: ERROR: argument is not numeric, using 1: shift badarg
-mandoc: bad.in:28:9: ERROR: excessive shift: 2, but max is 1
+mandoc: bad.in:32:8: ERROR: argument is not numeric, using 1: shift badarg
+mandoc: bad.in:32:8: ERROR: negative argument, using 0: shift -1
+mandoc: bad.in:32:8: ERROR: excessive shift: 2, but max is 1
Index: bad.out_ascii
===================================================================
RCS file: /home/cvs/mandoc/mandoc/regress/roff/shift/bad.out_ascii,v
retrieving revision 1.2
retrieving revision 1.3
diff -Lregress/roff/shift/bad.out_ascii -Lregress/roff/shift/bad.out_ascii -u -p -r1.2 -r1.3
--- regress/roff/shift/bad.out_ascii
+++ regress/roff/shift/bad.out_ascii
@@ -14,8 +14,10 @@ D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
 
        argument used after call: ""
 
-       after shift badarg: "arg2" after excessive shift: 0 ""
+       after shift badarg: "arg2"
+       after shift -1: "arg2"
+       after excessive shift: 0 ""
 
        final text
 
-OpenBSD                         August 23, 2018                   SHIFT_BAD(1)
+OpenBSD                         April 24, 2022                    SHIFT_BAD(1)
Index: bad.in
===================================================================
RCS file: /home/cvs/mandoc/mandoc/regress/roff/shift/bad.in,v
retrieving revision 1.1
retrieving revision 1.2
diff -Lregress/roff/shift/bad.in -Lregress/roff/shift/bad.in -u -p -r1.1 -r1.2
--- regress/roff/shift/bad.in
+++ regress/roff/shift/bad.in
@@ -1,5 +1,5 @@
-.\" $OpenBSD: bad.in,v 1.1 2018/08/23 14:16:12 schwarze Exp $
-.TH SHIFT_BAD 1 "August 23, 2018"
+.\" $OpenBSD: bad.in,v 1.2 2022/04/24 13:34:53 schwarze Exp $
+.TH SHIFT_BAD 1 "April 24, 2022"
 .SH NAME
 .B shift-bad
 \(en wrong usage of macro arguments
@@ -22,6 +22,10 @@ argument used after call: "\$1"
 .de mym
 .shift badarg
 after shift badarg: "\\$1"
+.br
+.shift -1
+after shift \-1: "\\$1"
+.br
 .shift 2
 after excessive shift: \\n(.$ "\\$1"
 ..
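Review bot: the added `.shift -1` case covers only an explicitly negative argument; the mandoc.1 entry also promises the warning for "an argument that is negative due to integer overflow", and nothing in bad.in exercises that path. Consider adding a second `.shift` line with a value large enough to overflow, with matching expected lines in bad.out_ascii and bad.out_lint, so that both documented triggers are covered by the regression test.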