From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]); by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id f1cb2560; for ; Fri, 19 Dec 2014 12:12:35 -0500 (EST) Date: Fri, 19 Dec 2014 12:12:35 -0500 (EST) Message-Id: <479502650597737664.enqueue@fantadrom.bsd.lv> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: schwarze@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Enforcing an arbitrary, implementation dependent, undocumented X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Enforcing an arbitrary, implementation dependent, undocumented limit by calling assert() when valid user input exceeds it is a bad idea. Allocate the terminal font stack dynamically instead of crashing above 10 entries. Issue found by jsg@ with afl. Modified Files: -------------- mdocml: term.c term.h term_ascii.c term_ps.c Revision Data ------------- Index: term.h =================================================================== RCS file: /home/cvs/mdocml/mdocml/term.h,v retrieving revision 1.108 retrieving revision 1.109 diff -Lterm.h -Lterm.h -u -p -r1.108 -r1.109 --- term.h +++ term.h @@ -84,7 +84,8 @@ struct termp { enum termenc enc; /* Type of encoding. */ const struct mchars *symtab; /* Character table. */ enum termfont fontl; /* Last font set. */ - enum termfont fontq[10]; /* Symmetric fonts. */ + enum termfont *fontq; /* Symmetric fonts. */ + int fontsz; /* Allocated size of font stack */ int fonti; /* Index of font stack. */ term_margin headf; /* invoked to print head */ term_margin footf; /* invoked to print foot */ @@ -127,11 +128,10 @@ size_t term_vspan(const struct termp size_t term_strlen(const struct termp *, const char *); size_t term_len(const struct termp *, size_t); -enum termfont term_fonttop(struct termp *); -const void *term_fontq(struct termp *); +const enum termfont *term_fontq(struct termp *); void term_fontpush(struct termp *, enum termfont); void term_fontpop(struct termp *); -void term_fontpopq(struct termp *, const void *); +void term_fontpopq(struct termp *, const enum termfont *); void term_fontrepl(struct termp *, enum termfont); void term_fontlast(struct termp *); Index: term.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/term.c,v retrieving revision 1.237 retrieving revision 1.238 diff -Lterm.c -Lterm.c -u -p -r1.237 -r1.238 --- term.c +++ term.c @@ -43,6 +43,7 @@ term_free(struct termp *p) { free(p->buf); + free(p->fontq); free(p); } @@ -329,6 +330,7 @@ term_vspace(struct termp *p) (*p->endline)(p); } +/* Swap current and previous font; for \fP and .ft P */ void term_fontlast(struct termp *p) { @@ -339,6 +341,7 @@ term_fontlast(struct termp *p) p->fontq[p->fonti] = f; } +/* Set font, save current, discard previous; for \f, .ft, .B etc. */ void term_fontrepl(struct termp *p, enum termfont f) { @@ -347,38 +350,39 @@ term_fontrepl(struct termp *p, enum term p->fontq[p->fonti] = f; } +/* Set font, save previous. */ void term_fontpush(struct termp *p, enum termfont f) { - assert(p->fonti + 1 < 10); p->fontl = p->fontq[p->fonti]; - p->fontq[++p->fonti] = f; + if (++p->fonti == p->fontsz) { + p->fontsz += 8; + p->fontq = mandoc_reallocarray(p->fontq, + p->fontsz, sizeof(enum termfont *)); + } + p->fontq[p->fonti] = f; } -const void * +/* Retrieve pointer to current font. */ +const enum termfont * term_fontq(struct termp *p) { return(&p->fontq[p->fonti]); } -enum termfont -term_fonttop(struct termp *p) -{ - - return(p->fontq[p->fonti]); -} - +/* Flush to make the saved pointer current again. */ void -term_fontpopq(struct termp *p, const void *key) +term_fontpopq(struct termp *p, const enum termfont *key) { - while (p->fonti >= 0 && key < (void *)(p->fontq + p->fonti)) + while (p->fonti >= 0 && key < p->fontq + p->fonti) p->fonti--; assert(p->fonti >= 0); } +/* Pop one font off the stack. */ void term_fontpop(struct termp *p) { @@ -554,7 +558,7 @@ encode1(struct termp *p, int c) if (p->col + 6 >= p->maxcols) adjbuf(p, p->col + 6); - f = term_fonttop(p); + f = *term_fontq(p); if (TERMFONT_UNDER == f || TERMFONT_BI == f) { p->buf[p->col++] = '_'; @@ -586,7 +590,7 @@ encode(struct termp *p, const char *word * character by character. */ - if (TERMFONT_NONE == term_fonttop(p)) { + if (*term_fontq(p) == TERMFONT_NONE) { if (p->col + sz >= p->maxcols) adjbuf(p, p->col + sz); for (i = 0; i < sz; i++) Index: term_ps.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/term_ps.c,v retrieving revision 1.70 retrieving revision 1.71 diff -Lterm_ps.c -Lterm_ps.c -u -p -r1.70 -r1.71 --- term_ps.c +++ term_ps.c @@ -540,6 +540,9 @@ pspdf_alloc(const struct mchars *mchars, p = mandoc_calloc(1, sizeof(struct termp)); p->symtab = mchars; p->enc = TERMENC_ASCII; + p->fontq = mandoc_reallocarray(NULL, + (p->fontsz = 8), sizeof(enum termfont)); + p->fontq[0] = p->fontl = TERMFONT_NONE; p->ps = mandoc_calloc(1, sizeof(struct termp_ps)); p->advance = ps_advance; Index: term_ascii.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/term_ascii.c,v retrieving revision 1.40 retrieving revision 1.41 diff -Lterm_ascii.c -Lterm_ascii.c -u -p -r1.40 -r1.41 --- term_ascii.c +++ term_ascii.c @@ -69,6 +69,9 @@ ascii_init(enum termenc enc, const struc p->symtab = mchars; p->tabwidth = 5; p->defrmargin = p->lastrmargin = 78; + p->fontq = mandoc_reallocarray(NULL, + (p->fontsz = 8), sizeof(enum termfont)); + p->fontq[0] = p->fontl = TERMFONT_NONE; p->begin = ascii_begin; p->end = ascii_end; -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv