* mdocml: Enforcing an arbitrary, implementation dependent, undocumented
@ 2014-12-19 17:12 schwarze
0 siblings, 0 replies; only message in thread
From: schwarze @ 2014-12-19 17:12 UTC (permalink / raw)
To: source
Log Message:
-----------
Enforcing an arbitrary, implementation dependent, undocumented limit
by calling assert() when valid user input exceeds it is a bad idea.
Allocate the terminal font stack dynamically instead of crashing
above 10 entries. Issue found by jsg@ with afl.
Modified Files:
--------------
mdocml:
term.c
term.h
term_ascii.c
term_ps.c
Revision Data
-------------
Index: term.h
===================================================================
RCS file: /home/cvs/mdocml/mdocml/term.h,v
retrieving revision 1.108
retrieving revision 1.109
diff -Lterm.h -Lterm.h -u -p -r1.108 -r1.109
--- term.h
+++ term.h
@@ -84,7 +84,8 @@ struct termp {
enum termenc enc; /* Type of encoding. */
const struct mchars *symtab; /* Character table. */
enum termfont fontl; /* Last font set. */
- enum termfont fontq[10]; /* Symmetric fonts. */
+ enum termfont *fontq; /* Symmetric fonts. */
+ int fontsz; /* Allocated size of font stack */
int fonti; /* Index of font stack. */
term_margin headf; /* invoked to print head */
term_margin footf; /* invoked to print foot */
@@ -127,11 +128,10 @@ size_t term_vspan(const struct termp
size_t term_strlen(const struct termp *, const char *);
size_t term_len(const struct termp *, size_t);
-enum termfont term_fonttop(struct termp *);
-const void *term_fontq(struct termp *);
+const enum termfont *term_fontq(struct termp *);
void term_fontpush(struct termp *, enum termfont);
void term_fontpop(struct termp *);
-void term_fontpopq(struct termp *, const void *);
+void term_fontpopq(struct termp *, const enum termfont *);
void term_fontrepl(struct termp *, enum termfont);
void term_fontlast(struct termp *);
Index: term.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/term.c,v
retrieving revision 1.237
retrieving revision 1.238
diff -Lterm.c -Lterm.c -u -p -r1.237 -r1.238
--- term.c
+++ term.c
@@ -43,6 +43,7 @@ term_free(struct termp *p)
{
free(p->buf);
+ free(p->fontq);
free(p);
}
@@ -329,6 +330,7 @@ term_vspace(struct termp *p)
(*p->endline)(p);
}
+/* Swap current and previous font; for \fP and .ft P */
void
term_fontlast(struct termp *p)
{
@@ -339,6 +341,7 @@ term_fontlast(struct termp *p)
p->fontq[p->fonti] = f;
}
+/* Set font, save current, discard previous; for \f, .ft, .B etc. */
void
term_fontrepl(struct termp *p, enum termfont f)
{
@@ -347,38 +350,39 @@ term_fontrepl(struct termp *p, enum term
p->fontq[p->fonti] = f;
}
+/* Set font, save previous. */
void
term_fontpush(struct termp *p, enum termfont f)
{
- assert(p->fonti + 1 < 10);
p->fontl = p->fontq[p->fonti];
- p->fontq[++p->fonti] = f;
+ if (++p->fonti == p->fontsz) {
+ p->fontsz += 8;
+ p->fontq = mandoc_reallocarray(p->fontq,
+ p->fontsz, sizeof(enum termfont *));
+ }
+ p->fontq[p->fonti] = f;
}
-const void *
+/* Retrieve pointer to current font. */
+const enum termfont *
term_fontq(struct termp *p)
{
return(&p->fontq[p->fonti]);
}
-enum termfont
-term_fonttop(struct termp *p)
-{
-
- return(p->fontq[p->fonti]);
-}
-
+/* Flush to make the saved pointer current again. */
void
-term_fontpopq(struct termp *p, const void *key)
+term_fontpopq(struct termp *p, const enum termfont *key)
{
- while (p->fonti >= 0 && key < (void *)(p->fontq + p->fonti))
+ while (p->fonti >= 0 && key < p->fontq + p->fonti)
p->fonti--;
assert(p->fonti >= 0);
}
+/* Pop one font off the stack. */
void
term_fontpop(struct termp *p)
{
@@ -554,7 +558,7 @@ encode1(struct termp *p, int c)
if (p->col + 6 >= p->maxcols)
adjbuf(p, p->col + 6);
- f = term_fonttop(p);
+ f = *term_fontq(p);
if (TERMFONT_UNDER == f || TERMFONT_BI == f) {
p->buf[p->col++] = '_';
@@ -586,7 +590,7 @@ encode(struct termp *p, const char *word
* character by character.
*/
- if (TERMFONT_NONE == term_fonttop(p)) {
+ if (*term_fontq(p) == TERMFONT_NONE) {
if (p->col + sz >= p->maxcols)
adjbuf(p, p->col + sz);
for (i = 0; i < sz; i++)
Index: term_ps.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/term_ps.c,v
retrieving revision 1.70
retrieving revision 1.71
diff -Lterm_ps.c -Lterm_ps.c -u -p -r1.70 -r1.71
--- term_ps.c
+++ term_ps.c
@@ -540,6 +540,9 @@ pspdf_alloc(const struct mchars *mchars,
p = mandoc_calloc(1, sizeof(struct termp));
p->symtab = mchars;
p->enc = TERMENC_ASCII;
+ p->fontq = mandoc_reallocarray(NULL,
+ (p->fontsz = 8), sizeof(enum termfont));
+ p->fontq[0] = p->fontl = TERMFONT_NONE;
p->ps = mandoc_calloc(1, sizeof(struct termp_ps));
p->advance = ps_advance;
Index: term_ascii.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/term_ascii.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -Lterm_ascii.c -Lterm_ascii.c -u -p -r1.40 -r1.41
--- term_ascii.c
+++ term_ascii.c
@@ -69,6 +69,9 @@ ascii_init(enum termenc enc, const struc
p->symtab = mchars;
p->tabwidth = 5;
p->defrmargin = p->lastrmargin = 78;
+ p->fontq = mandoc_reallocarray(NULL,
+ (p->fontsz = 8), sizeof(enum termfont));
+ p->fontq[0] = p->fontl = TERMFONT_NONE;
p->begin = ascii_begin;
p->end = ascii_end;
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-12-19 17:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-12-19 17:12 mdocml: Enforcing an arbitrary, implementation dependent, undocumented schwarze
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).