mandoc: If a .shift request has a negative argument, do not use a

source@mandoc.bsd.lv
 help / color / mirror / Atom feed

* mandoc: If a .shift request has a negative argument, do not use a
@ 2022-04-24 13:39 schwarze
  0 siblings, 0 replies; only message in thread
From: schwarze @ 2022-04-24 13:39 UTC (permalink / raw)
  To: source

Log Message:
-----------
If a .shift request has a negative argument, do not use a negative array 
index but use 0 instead of the argument, just like groff.
Warn about the invalid argument.
While here, fix the column number in another warning message.

Segfault reported by tb@, found with afl(1).

Modified Files:
--------------
    mandoc:
        mandoc.1
        mandoc.h
        mandoc_msg.c
        roff.c
    mandoc/regress/roff/shift:
        bad.in
        bad.out_ascii
        bad.out_lint

Revision Data
-------------
Index: mandoc_msg.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mandoc_msg.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -Lmandoc_msg.c -Lmandoc_msg.c -u -p -r1.16 -r1.17
--- mandoc_msg.c
+++ mandoc_msg.c
@@ -1,6 +1,6 @@
 /* $OpenBSD: mandoc_msg.c,v 1.8 2020/01/19 17:59:01 schwarze Exp $ */
 /*
- * Copyright (c) 2014-2021 Ingo Schwarze <schwarze@openbsd.org>
+ * Copyright (c) 2014-2022 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -216,6 +216,7 @@ static	const char *const type_message[MA
 	"escaped character not allowed in a name",
 	"using macro argument outside macro",
 	"argument number is not numeric",
+	"negative argument, using 0",
 	"NOT IMPLEMENTED: Bd -file",
 	"skipping display without arguments",
 	"missing list type, using -item",
Index: mandoc.h
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mandoc.h,v
retrieving revision 1.274
retrieving revision 1.275
diff -Lmandoc.h -Lmandoc.h -u -p -r1.274 -r1.275
--- mandoc.h
+++ mandoc.h
@@ -1,6 +1,6 @@
 /* $Id$ */
 /*
- * Copyright (c) 2012-2021 Ingo Schwarze <schwarze@openbsd.org>
+ * Copyright (c) 2012-2022 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2010, 2011, 2014 Kristaps Dzonsons <kristaps@bsd.lv>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -215,6 +215,7 @@ enum	mandocerr {
 	MANDOCERR_NAMESC, /* escaped character not allowed in a name: name */
 	MANDOCERR_ARG_UNDEF, /* using macro argument outside macro */
 	MANDOCERR_ARG_NONUM, /* argument number is not numeric */
+	MANDOCERR_ARG_NEG, /* negative argument, using 0: request arg */
 	MANDOCERR_BD_FILE, /* NOT IMPLEMENTED: Bd -file */
 	MANDOCERR_BD_NOARG, /* skipping display without arguments: Bd */
 	MANDOCERR_BL_NOTYPE, /* missing list type, using -item: Bl */
Index: mandoc.1
===================================================================
RCS file: /home/cvs/mandoc/mandoc/mandoc.1,v
retrieving revision 1.256
retrieving revision 1.257
diff -Lmandoc.1 -Lmandoc.1 -u -p -r1.256 -r1.257
--- mandoc.1
+++ mandoc.1
@@ -1,6 +1,6 @@
 .\" $Id$
 .\"
-.\" Copyright (c) 2012, 2014-2021 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2012, 2014-2022 Ingo Schwarze <schwarze@openbsd.org>
 .\" Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -2082,6 +2082,13 @@ and expands to the empty string.
 .Pq roff
 The argument of the escape sequence \e$ is not a digit;
 the escape sequence expands to the empty string.
+.It Sy "negative argument, using 0"
+.Pq roff
+A
+.Ic \&shift
+request has a negative argument
+or an argument that is negative due to integer overflow.
+Macro argument numbering remains unchanged.
 .It Sy "NOT IMPLEMENTED: Bd -file"
 .Pq mdoc
 For security reasons, the
Index: roff.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/roff.c,v
retrieving revision 1.381
retrieving revision 1.382
diff -Lroff.c -Lroff.c -u -p -r1.381 -r1.382
--- roff.c
+++ roff.c
@@ -3870,8 +3870,9 @@ static int
 roff_shift(ROFF_ARGS)
 {
 	struct mctx	*ctx;
-	int		 levels, i;
+	int		 argpos, levels, i;
 
+	argpos = pos;
 	levels = 1;
 	if (buf->buf[pos] != '\0' &&
 	    roff_evalnum(r, ln, buf->buf, &pos, &levels, 0) == 0) {
@@ -3886,8 +3887,12 @@ roff_shift(ROFF_ARGS)
 	ctx = r->mstack + r->mstackpos;
 	if (levels > ctx->argc) {
 		mandoc_msg(MANDOCERR_SHIFT,
-		    ln, pos, "%d, but max is %d", levels, ctx->argc);
+		    ln, argpos, "%d, but max is %d", levels, ctx->argc);
 		levels = ctx->argc;
+	}
+	if (levels < 0) {
+		mandoc_msg(MANDOCERR_ARG_NEG, ln, argpos, "shift %d", levels);
+		levels = 0;
 	}
 	if (levels == 0)
 		return ROFF_IGN;
Index: bad.out_lint
===================================================================
RCS file: /home/cvs/mandoc/mandoc/regress/roff/shift/bad.out_lint,v
retrieving revision 1.1
retrieving revision 1.2
diff -Lregress/roff/shift/bad.out_lint -Lregress/roff/shift/bad.out_lint -u -p -r1.1 -r1.2
--- regress/roff/shift/bad.out_lint
+++ regress/roff/shift/bad.out_lint
@@ -3,5 +3,6 @@ mandoc: bad.in:15:2: ERROR: ignoring req
 mandoc: bad.in:17:31: ERROR: argument number is not numeric: \$x
 mandoc: bad.in:19:28: ERROR: using macro argument outside macro: \$1
 mandoc: bad.in:20:2: ERROR: ignoring request outside macro: shift
-mandoc: bad.in:28:8: ERROR: argument is not numeric, using 1: shift badarg
-mandoc: bad.in:28:9: ERROR: excessive shift: 2, but max is 1
+mandoc: bad.in:32:8: ERROR: argument is not numeric, using 1: shift badarg
+mandoc: bad.in:32:8: ERROR: negative argument, using 0: shift -1
+mandoc: bad.in:32:8: ERROR: excessive shift: 2, but max is 1
Index: bad.out_ascii
===================================================================
RCS file: /home/cvs/mandoc/mandoc/regress/roff/shift/bad.out_ascii,v
retrieving revision 1.2
retrieving revision 1.3
diff -Lregress/roff/shift/bad.out_ascii -Lregress/roff/shift/bad.out_ascii -u -p -r1.2 -r1.3
--- regress/roff/shift/bad.out_ascii
+++ regress/roff/shift/bad.out_ascii
@@ -14,8 +14,10 @@ D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
 
        argument used after call: ""
 
-       after shift badarg: "arg2" after excessive shift: 0 ""
+       after shift badarg: "arg2"
+       after shift -1: "arg2"
+       after excessive shift: 0 ""
 
        final text
 
-OpenBSD                         August 23, 2018                   SHIFT_BAD(1)
+OpenBSD                         April 24, 2022                    SHIFT_BAD(1)
Index: bad.in
===================================================================
RCS file: /home/cvs/mandoc/mandoc/regress/roff/shift/bad.in,v
retrieving revision 1.1
retrieving revision 1.2
diff -Lregress/roff/shift/bad.in -Lregress/roff/shift/bad.in -u -p -r1.1 -r1.2
--- regress/roff/shift/bad.in
+++ regress/roff/shift/bad.in
@@ -1,5 +1,5 @@
-.\" $OpenBSD: bad.in,v 1.1 2018/08/23 14:16:12 schwarze Exp $
-.TH SHIFT_BAD 1 "August 23, 2018"
+.\" $OpenBSD: bad.in,v 1.2 2022/04/24 13:34:53 schwarze Exp $
+.TH SHIFT_BAD 1 "April 24, 2022"
 .SH NAME
 .B shift-bad
 \(en wrong usage of macro arguments
@@ -22,6 +22,10 @@ argument used after call: "\$1"
 .de mym
 .shift badarg
 after shift badarg: "\\$1"
+.br
+.shift -1
+after shift \-1: "\\$1"
+.br
 .shift 2
 after excessive shift: \\n(.$ "\\$1"
 ..
--
 To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-04-24 13:39 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-24 13:39 mandoc: If a .shift request has a negative argument, do not use a schwarze

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).