From: schwarze@mdocml.bsd.lv
To: source@mdocml.bsd.lv
Subject: mdocml: Enforcing an arbitrary, implementation dependent, undocumented
Date: Fri, 19 Dec 2014 12:12:35 -0500 (EST)	[thread overview]
Message-ID: <479502650597737664.enqueue@fantadrom.bsd.lv> (raw)

Log Message:
-----------
Enforcing an arbitrary, implementation dependent, undocumented limit
by calling assert() when valid user input exceeds it is a bad idea.
Allocate the terminal font stack dynamically instead of crashing 
above 10 entries.  Issue found by jsg@ with afl.

Modified Files:
--------------
    mdocml:
        term.c
        term.h
        term_ascii.c
        term_ps.c

Revision Data
-------------
Index: term.h
===================================================================
RCS file: /home/cvs/mdocml/mdocml/term.h,v
retrieving revision 1.108
retrieving revision 1.109
diff -Lterm.h -Lterm.h -u -p -r1.108 -r1.109
--- term.h
+++ term.h
@@ -84,7 +84,8 @@ struct	termp {
 	enum termenc	  enc;		/* Type of encoding. */
 	const struct mchars *symtab;	/* Character table. */
 	enum termfont	  fontl;	/* Last font set. */
-	enum termfont	  fontq[10];	/* Symmetric fonts. */
+	enum termfont	 *fontq;	/* Symmetric fonts. */
+	int		  fontsz;	/* Allocated size of font stack */
 	int		  fonti;	/* Index of font stack. */
 	term_margin	  headf;	/* invoked to print head */
 	term_margin	  footf;	/* invoked to print foot */
@@ -127,11 +128,10 @@ size_t		  term_vspan(const struct termp 
 size_t		  term_strlen(const struct termp *, const char *);
 size_t		  term_len(const struct termp *, size_t);
 
-enum termfont	  term_fonttop(struct termp *);
-const void	 *term_fontq(struct termp *);
+const enum termfont *term_fontq(struct termp *);
 void		  term_fontpush(struct termp *, enum termfont);
 void		  term_fontpop(struct termp *);
-void		  term_fontpopq(struct termp *, const void *);
+void		  term_fontpopq(struct termp *, const enum termfont *);
 void		  term_fontrepl(struct termp *, enum termfont);
 void		  term_fontlast(struct termp *);
 
Index: term.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/term.c,v
retrieving revision 1.237
retrieving revision 1.238
diff -Lterm.c -Lterm.c -u -p -r1.237 -r1.238
--- term.c
+++ term.c
@@ -43,6 +43,7 @@ term_free(struct termp *p)
 {
 
 	free(p->buf);
+	free(p->fontq);
 	free(p);
 }
 
@@ -329,6 +330,7 @@ term_vspace(struct termp *p)
 		(*p->endline)(p);
 }
 
+/* Swap current and previous font; for \fP and .ft P */
 void
 term_fontlast(struct termp *p)
 {
@@ -339,6 +341,7 @@ term_fontlast(struct termp *p)
 	p->fontq[p->fonti] = f;
 }
 
+/* Set font, save current, discard previous; for \f, .ft, .B etc. */
 void
 term_fontrepl(struct termp *p, enum termfont f)
 {
@@ -347,38 +350,39 @@ term_fontrepl(struct termp *p, enum term
 	p->fontq[p->fonti] = f;
 }
 
+/* Set font, save previous. */
 void
 term_fontpush(struct termp *p, enum termfont f)
 {
 
-	assert(p->fonti + 1 < 10);
 	p->fontl = p->fontq[p->fonti];
-	p->fontq[++p->fonti] = f;
+	if (++p->fonti == p->fontsz) {
+		p->fontsz += 8;
+		p->fontq = mandoc_reallocarray(p->fontq,
+		    p->fontsz, sizeof(enum termfont *));
+	}
+	p->fontq[p->fonti] = f;
 }
 
-const void *
+/* Retrieve pointer to current font. */
+const enum termfont *
 term_fontq(struct termp *p)
 {
 
 	return(&p->fontq[p->fonti]);
 }
 
-enum termfont
-term_fonttop(struct termp *p)
-{
-
-	return(p->fontq[p->fonti]);
-}
-
+/* Flush to make the saved pointer current again. */
 void
-term_fontpopq(struct termp *p, const void *key)
+term_fontpopq(struct termp *p, const enum termfont *key)
 {
 
-	while (p->fonti >= 0 && key < (void *)(p->fontq + p->fonti))
+	while (p->fonti >= 0 && key < p->fontq + p->fonti)
 		p->fonti--;
 	assert(p->fonti >= 0);
 }
 
+/* Pop one font off the stack. */
 void
 term_fontpop(struct termp *p)
 {
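Review bot: Growing the stack in term_fontpush() with mandoc_reallocarray() can move the array, so a `const enum termfont *` obtained earlier from term_fontq() may point into freed memory by the time it is handed back to term_fontpopq(). The comparison `key < p->fontq + p->fonti` then relates pointers into different objects, which is undefined and can leave fonti at the wrong depth or trip the remaining `assert(p->fonti >= 0)`; the callers that hold a key across pushes are outside this diff, so how often this is reachable cannot be judged from here. Handing out the index instead of an address avoids the problem: term_fontq() would return `p->fonti` and term_fontpopq() would do `if (p->fonti > key) p->fonti = key;`, with the term.h prototypes and the `*term_fontq(p)` readers in encode1() and encode() adjusted to match. Separately, the element size passed in term_fontpush() is `sizeof(enum termfont *)` while both allocation sites use `sizeof(enum termfont)`; writing `sizeof(*p->fontq)` keeps the three in step.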
@@ -554,7 +558,7 @@ encode1(struct termp *p, int c)
 	if (p->col + 6 >= p->maxcols)
 		adjbuf(p, p->col + 6);
 
-	f = term_fonttop(p);
+	f = *term_fontq(p);
 
 	if (TERMFONT_UNDER == f || TERMFONT_BI == f) {
 		p->buf[p->col++] = '_';
@@ -586,7 +590,7 @@ encode(struct termp *p, const char *word
 	 * character by character.
 	 */
 
-	if (TERMFONT_NONE == term_fonttop(p)) {
+	if (*term_fontq(p) == TERMFONT_NONE) {
 		if (p->col + sz >= p->maxcols)
 			adjbuf(p, p->col + sz);
 		for (i = 0; i < sz; i++)
Index: term_ps.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/term_ps.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -Lterm_ps.c -Lterm_ps.c -u -p -r1.70 -r1.71
--- term_ps.c
+++ term_ps.c
@@ -540,6 +540,9 @@ pspdf_alloc(const struct mchars *mchars,
 	p = mandoc_calloc(1, sizeof(struct termp));
 	p->symtab = mchars;
 	p->enc = TERMENC_ASCII;
+	p->fontq = mandoc_reallocarray(NULL,
+	    (p->fontsz = 8), sizeof(enum termfont));
+	p->fontq[0] = p->fontl = TERMFONT_NONE;
 	p->ps = mandoc_calloc(1, sizeof(struct termp_ps));
 
 	p->advance = ps_advance;
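Review bot: The initial capacity is set by an assignment buried in an argument, `(p->fontsz = 8)`, and the same three lines are repeated in ascii_init() in term_ascii.c, with a third literal 8 as the growth step in term_fontpush(). A single named constant, or a small helper in term.c that allocates fontq and sets `fontq[0]` and `fontl`, would keep the two back ends from drifting apart and make the size update a visible statement of its own, e.g. `p->fontsz = 8;` on the line before the allocation. pspdf_alloc's body starts and ends outside the hunk.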
Index: term_ascii.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/term_ascii.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -Lterm_ascii.c -Lterm_ascii.c -u -p -r1.40 -r1.41
--- term_ascii.c
+++ term_ascii.c
@@ -69,6 +69,9 @@ ascii_init(enum termenc enc, const struc
 	p->symtab = mchars;
 	p->tabwidth = 5;
 	p->defrmargin = p->lastrmargin = 78;
+	p->fontq = mandoc_reallocarray(NULL,
+	     (p->fontsz = 8), sizeof(enum termfont));
+	p->fontq[0] = p->fontl = TERMFONT_NONE;
 
 	p->begin = ascii_begin;
 	p->end = ascii_end;