From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]); by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id 23bdddef; for ; Fri, 13 Mar 2015 03:08:04 -0500 (EST) Date: Fri, 13 Mar 2015 03:08:04 -0500 (EST) Message-Id: <5757900739915448276.enqueue@fantadrom.bsd.lv> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: kristaps@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: texi2mdoc: Fix some buffer overruns found by AFL. X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Fix some buffer overruns found by AFL. Modified Files: -------------- texi2mdoc: Makefile main.c util.c Revision Data -------------
Index: main.c
===================================================================
RCS file: /home/cvs/mdocml/texi2mdoc/main.c,v
retrieving revision 1.68
retrieving revision 1.69
diff -Lmain.c -Lmain.c -u -p -r1.68 -r1.69
--- main.c
+++ main.c
@@ -607,9 +607,17 @@ domacro(struct texi *p, enum texicmd cmd
 m.key[end - start] = '\0';
 m.args = argparse(p, pos, &m.argsz, 0);
+ if (*pos == BUFSZ(p)) {
+ texiwarn(p, "unexpected EOF");
+ return;
+ }
 /* Note: we advance to the beginning of the macro. */
 advanceeoln(p, pos, 1);
+ if ((start = *pos) == BUFSZ(p)) {
+ texiwarn(p, "unexpected EOF");
+ return;
+ }
 /*
 * According to the Texinfo manual, the macro ends on the
@@ -622,7 +630,6 @@ domacro(struct texi *p, enum texicmd cmd
 * @end macro without the leading newline else we might look
 * past empty macros.
 */
- start = *pos;
 endtok = "@end macro\n";
 endtoksz = strlen(endtok);
 blk = memmem(&BUF(p)[start], BUFSZ(p) - start, endtok, endtoksz);
@@ -1526,7 +1533,10 @@ doprintindex(struct texi *p, enum texicm
 }
 advance(p, pos);
- if (0 == (len = end - start)) {
+ if (*pos == BUFSZ(p)) {
+ texiwarn(p, "unexpected EOF");
+ return;
+ } else if (0 == (len = end - start)) {
 texiwarn(p, "zero-length index");
 return;
 }
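Review bot: Both new early returns in the first domacro hunk (@@ -607) leave the function after `m.key` has been filled in and `m.args` has come back from argparse(), so if those are heap allocations they are leaked whenever a macro definition is cut off by end of file. The allocation and the normal exit path are outside the hunk, so this is inferred. If it is confirmed, release both before each `return` the same way the normal exit does. The second guard also hides an assignment inside its condition; `start = *pos;` on its own line followed by `if (start == BUFSZ(p)) {` reads more clearly.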
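Review bot: In the doprintindex hunk (@@ -1526) the new `*pos == BUFSZ(p)` test runs after the unguarded `advance(p, pos);` on the line above it, so a scan that already stopped at the end of the buffer still calls advance() there. advance() is not shown in this patch, but the advanceeoln hunk in util.c wraps the same call in `if (*pos < BUFSZ(p))`, which suggests it is not safe at EOF. Consider moving the check above the call, as the third domenu hunk does after `entrynameend = *pos;`. The loop that sets `end` is outside the hunk.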
@@ -1672,7 +1682,7 @@ domenu(struct texi *p, enum texicmd cmd,
 while (*pos < BUFSZ(p)) {
 while (*pos < BUFSZ(p) && isws(BUF(p)[*pos]))
 advance(p, pos);
- if ('*' != BUF(p)[*pos]) {
+ if (*pos < BUFSZ(p) && '*' != BUF(p)[*pos]) {
 if (TEXICMD_END == peeklinecmd(p, *pos))
 break;
 parseeoln(p, pos);
@@ -1695,7 +1705,10 @@ domenu(struct texi *p, enum texicmd cmd,
 p->seenws = *pos < BUFSZ(p) && isws(BUF(p)[*pos]);
 while (*pos < BUFSZ(p) && isws(BUF(p)[*pos]))
 advance(p, pos);
- if ('*' != BUF(p)[*pos]) {
+ if (*pos == BUFSZ(p)) {
+ texiwarn(p, "unexpected EOF");
+ return;
+ } else if ('*' != BUF(p)[*pos]) {
 tcmd = peeklinecmd(p, *pos);
 if (TEXICMD_END == tcmd)
 break;
@@ -1714,6 +1727,10 @@ domenu(struct texi *p, enum texicmd cmd,
 while (*pos < BUFSZ(p) && ':' != BUF(p)[*pos])
 advance(p, pos);
 entrynameend = *pos;
+ if (*pos == BUFSZ(p)) {
+ texiwarn(p, "unexpected EOF");
+ return;
+ }
 advance(p, pos);
 p->seenvs = 0;
Index: Makefile
===================================================================
RCS file: /home/cvs/mdocml/texi2mdoc/Makefile,v
retrieving revision 1.10
retrieving revision 1.11
diff -LMakefile -LMakefile -u -p -r1.10 -r1.11
--- Makefile
+++ Makefile
@@ -34,7 +34,7 @@ installwww: www
 $(OBJS): extern.h
 afl/texi2mdoc: extern.h $(SRCS)
- afl-clang -o $@ $(SRCS)
+ $(CC) -o $@ $(SRCS)
 index.html: index.xml $(VERSIONS)
 sblg -o- -t index.xml $(VERSIONS) | sed "s!@VERSION@!$(VERSION)!g" >$@
Index: util.c
===================================================================
RCS file: /home/cvs/mdocml/texi2mdoc/util.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -Lutil.c -Lutil.c -u -p -r1.32 -r1.33
--- util.c
+++ util.c
@@ -582,7 +582,8 @@ advanceeoln(struct texi *p, size_t *pos,
 while (*pos < BUFSZ(p) && '\n' != BUF(p)[*pos]) {
 if ('@' == BUF(p)[*pos])
 advance(p, pos);
- advance(p, pos);
+ if (*pos < BUFSZ(p))
+ advance(p, pos);
 }
 if (*pos < BUFSZ(p) && consumenl)
 advance(p, pos);
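Review bot: In the first domenu hunk (@@ -1672) the rewritten condition `*pos < BUFSZ(p) && '*' != BUF(p)[*pos]` is false at end of buffer, so a truncated menu takes whatever follows this if-block, the same path as a line that starts with `*`. That code is outside the hunk, so confirm it does not index `BUF(p)[*pos]` before the outer loop condition is tested again. The next hunk (@@ -1695) handles the identical situation with an explicit warning and return; using the same form here, `if (*pos == BUFSZ(p)) { texiwarn(p, "unexpected EOF"); return; }`, would make the two sites consistent and report the truncation.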
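Review bot: The `afl/texi2mdoc` rule now compiles with plain `$(CC)`, so the target produces an uninstrumented binary unless the caller overrides CC, and nothing in the visible lines says so. A comment above the rule such as `# fuzzing build: make CC=afl-clang afl/texi2mdoc` would keep the target's purpose clear. Passing flags through, `$(CC) $(CFLAGS) -o $@ $(SRCS)`, would also let a sanitizer build reuse the same rule.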
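Review bot: The guard added in advanceeoln (@@ -582) protects only this one call, while the same `*pos < BUFSZ(p)` / `*pos == BUFSZ(p)` test is repeated at each call site touched by this patch (domacro, doprintindex, domenu, parseeoln) rather than living in advance() itself. If advance() reads `BUF(p)[*pos]`, which is not visible here, making it a no-op at end of buffer would also cover the call sites the fuzzer has not reached yet. At minimum the new line deserves a comment, for example `/* '@' may be the last byte of the buffer */`. The function body starts and ends outside the hunk.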
@@ -1059,6 +1060,10 @@ parseeoln(struct texi *p, size_t *pos)
 if (p->literal)
 texiputchar(p, BUF(p)[*pos]);
 advance(p, pos);
+ }
+ if (*pos == BUFSZ(p)) {
+ texiwarn(p, "unexpected EOF");
+ return;
 }
 switch (BUF(p)[*pos]) {
 case ('}'):
-- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv