texi2mdoc: Fix some buffer overruns found by AFL.

[kristaps@mdocml.bsd.lv]

Log Message:
-----------
Fix some buffer overruns found by AFL.

Modified Files:
--------------
    texi2mdoc:
        Makefile
        main.c
        util.c

Revision Data
-------------
Index: main.c
===================================================================
RCS file: /home/cvs/mdocml/texi2mdoc/main.c,v
retrieving revision 1.68
retrieving revision 1.69
diff -Lmain.c -Lmain.c -u -p -r1.68 -r1.69
--- main.c
+++ main.c
@@ -607,9 +607,17 @@ domacro(struct texi *p, enum texicmd cmd
 	m.key[end - start] = '\0';
 
 	m.args = argparse(p, pos, &m.argsz, 0);
+	if (*pos == BUFSZ(p)) {
+		texiwarn(p, "unexpected EOF");
+		return;
+	}
 
 	/* Note: we advance to the beginning of the macro. */
 	advanceeoln(p, pos, 1);
+	if ((start = *pos) == BUFSZ(p)) {
+		texiwarn(p, "unexpected EOF");
+		return;
+	}
 
 	/*
 	 * According to the Texinfo manual, the macro ends on the
@@ -622,7 +630,6 @@ domacro(struct texi *p, enum texicmd cmd
 	 * @end macro without the leading newline else we might look
 	 * past empty macros.
 	 */
-	start = *pos;
 	endtok = "@end macro\n";
 	endtoksz = strlen(endtok);
 	blk = memmem(&BUF(p)[start], BUFSZ(p) - start, endtok, endtoksz);
@@ -1526,7 +1533,10 @@ doprintindex(struct texi *p, enum texicm
 	}
 
 	advance(p, pos);
-	if (0 == (len = end - start)) {
+	if (*pos == BUFSZ(p)) {
+		texiwarn(p, "unexpected EOF");
+		return;
+	} else if (0 == (len = end - start)) {
 		texiwarn(p, "zero-length index");
 		return;
 	}
@@ -1672,7 +1682,7 @@ domenu(struct texi *p, enum texicmd cmd,
 	while (*pos < BUFSZ(p)) {
 		while (*pos < BUFSZ(p) && isws(BUF(p)[*pos]))
 			advance(p, pos);
-		if ('*' != BUF(p)[*pos]) {
+		if (*pos < BUFSZ(p) && '*' != BUF(p)[*pos]) {
 			if (TEXICMD_END == peeklinecmd(p, *pos))
 				break;
 			parseeoln(p, pos);
@@ -1695,7 +1705,10 @@ domenu(struct texi *p, enum texicmd cmd,
 			p->seenws = *pos < BUFSZ(p) && isws(BUF(p)[*pos]);
 		while (*pos < BUFSZ(p) && isws(BUF(p)[*pos]))
 			advance(p, pos);
-		if ('*' != BUF(p)[*pos]) {
+		if (*pos == BUFSZ(p)) {
+			texiwarn(p, "unexpected EOF");
+			return;
+		} else if ('*' != BUF(p)[*pos]) {
 			tcmd = peeklinecmd(p, *pos);
 			if (TEXICMD_END == tcmd)
 				break;
@@ -1714,6 +1727,10 @@ domenu(struct texi *p, enum texicmd cmd,
 		while (*pos < BUFSZ(p) && ':' != BUF(p)[*pos])
 			advance(p, pos);
 		entrynameend = *pos;
+		if (*pos == BUFSZ(p)) {
+			texiwarn(p, "unexpected EOF");
+			return;
+		}
 		advance(p, pos);
 
 		p->seenvs = 0;
Index: Makefile
===================================================================
RCS file: /home/cvs/mdocml/texi2mdoc/Makefile,v
retrieving revision 1.10
retrieving revision 1.11
diff -LMakefile -LMakefile -u -p -r1.10 -r1.11
--- Makefile
+++ Makefile
@@ -34,7 +34,7 @@ installwww: www
 $(OBJS): extern.h
 
 afl/texi2mdoc: extern.h $(SRCS) 
-	afl-clang -o $@ $(SRCS)
+	$(CC) -o $@ $(SRCS)
 
 index.html: index.xml $(VERSIONS)
 	sblg -o- -t index.xml $(VERSIONS) | sed "s!@VERSION@!$(VERSION)!g" >$@
Index: util.c
===================================================================
RCS file: /home/cvs/mdocml/texi2mdoc/util.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -Lutil.c -Lutil.c -u -p -r1.32 -r1.33
--- util.c
+++ util.c
@@ -582,7 +582,8 @@ advanceeoln(struct texi *p, size_t *pos,
 	while (*pos < BUFSZ(p) && '\n' != BUF(p)[*pos]) {
 		if ('@' == BUF(p)[*pos])
 			advance(p, pos);
-		advance(p, pos);
+		if (*pos < BUFSZ(p))
+			advance(p, pos);
 	}
 	if (*pos < BUFSZ(p) && consumenl)
 		advance(p, pos);
@@ -1059,6 +1060,10 @@ parseeoln(struct texi *p, size_t *pos)
 			if (p->literal)
 				texiputchar(p, BUF(p)[*pos]);
 			advance(p, pos);
+		}
+		if (*pos == BUFSZ(p)) {
+			texiwarn(p, "unexpected EOF");
+			return;
 		}
 		switch (BUF(p)[*pos]) {
 		case ('}'):
--
 To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv