From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]) by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id 33087de1 for ; Wed, 1 Aug 2018 10:40:47 -0500 (EST) Date: Wed, 1 Aug 2018 10:40:47 -0500 (EST) X-Mailinglist: mandoc-source Reply-To: source@mandoc.bsd.lv MIME-Version: 1.0 From: schwarze@mandoc.bsd.lv To: source@mandoc.bsd.lv Subject: mandoc: After rewriting the parse buffer from scratch, we also have to X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Message-Id: Log Message: ----------- After rewriting the parse buffer from scratch, we also have to reset the parse point to the beginning of the new buffer or we risk out of bounds accesses. Bug found by Leah Neukirchen with valgrind on Void Linux. Modified Files: -------------- mandoc: roff.c NEWS Revision Data ------------- Index: NEWS =================================================================== RCS file: /home/cvs/mandoc/mandoc/NEWS,v retrieving revision 1.30 retrieving revision 1.31 diff -LNEWS -LNEWS -u -p -r1.30 -r1.31 --- NEWS +++ NEWS @@ -35,6 +35,8 @@ Changes in version 1.14.4, released on A * Only activate UTF-8 output when the user really selected UTF-8, not some other multibyte character encoding. * Prevent excessive .ll arguments from generating infinite output. + * Fix out of bounds accesses to parse buffers that could happen when + using renamed or user defined macros after roff(7) conditionals. * Avoid an assertion failure in certain .Bl -column lists. * Avoid a NULL pointer access on deroff() failure after '.SS ""'. * Fix a segfault that could be triggered by two invalid .Dt macros. 
@@ -60,7 +62,7 @@ Changes in version 1.14.4, released on A * Thomas Klausner (NetBSD) for suggesting two new style messages, one new feature, and for two bug reports. * Leah Neukirchen (Void Linux) for suggesting a new style message, - four bug reports, and release testing. + five bug reports, and release testing. * Anthony Bentley (OpenBSD) for reporting multiple bugs and missing features. * Paul Irofti (OpenBSD) and Nate Bargmann for suggesting new features. Index: roff.c =================================================================== RCS file: /home/cvs/mandoc/mandoc/roff.c,v retrieving revision 1.328 retrieving revision 1.329 diff -Lroff.c -Lroff.c -u -p -r1.328 -r1.329 --- roff.c +++ roff.c @@ -2845,6 +2845,7 @@ roff_TE(ROFF_ARGS) free(buf->buf); buf->buf = mandoc_strdup(".sp"); buf->sz = 4; + *offs = 0; return ROFF_REPARSE; } r->tbl = NULL; @@ -3364,6 +3365,7 @@ roff_userdef(ROFF_ARGS) ln, (int)(cp - n1), NULL); free(buf->buf); buf->buf = n1; + *offs = 0; return ROFF_IGN; } @@ -3458,6 +3460,7 @@ roff_renamed(ROFF_ARGS) buf->buf[pos] == '\0' ? "" : " ", buf->buf + pos) + 1; free(buf->buf); buf->buf = nbuf; + *offs = 0; return ROFF_CONT; } -- To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv
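Review bot: the new NEWS entry (hunk at -35,6) names only renamed and user-defined macros, but the roff.c part of the same commit also patches roff_TE, which rebuilds the buffer as ".sp" on the same code path; consider widening the entry so the changelog matches all three call sites, e.g. "Fix out of bounds accesses to parse buffers that could happen after .TE, or when using renamed or user defined macros after roff(7) conditionals."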
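Review bot: roff_TE (hunk at -2845) updates buf->sz = 4 together with the replacement buffer, but the roff_userdef hunk at -3364 replaces buf->buf with n1 and the shown context has no matching buf->sz update; if buf->sz is not adjusted elsewhere in that function, a stale size still lets later code read past a shorter replacement buffer even with *offs reset to 0. Please confirm, or set the size next to the assignment, something like `buf->sz = strlen(n1) + 1;` (roff_renamed at -3458 appears to already derive its size from the `... + 1` expression above the free()).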
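Review bot: the three new `*offs = 0;` lines (roff_TE, roff_userdef, roff_renamed) carry no comment, and the bug being fixed is precisely that replacing buf->buf silently invalidated the caller's offset; add a one-line comment at each site, e.g. `/* buf->buf was replaced: restart parsing at its beginning. */`, so the invariant is visible the next time a handler rebuilds the buffer and returns ROFF_REPARSE, ROFF_IGN or ROFF_CONT.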
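The class of bug the commit message describes, as an added illustration that is not mandoc's code: a handler frees and replaces a parse buffer (as roff_TE does with ".sp") while the caller still holds an offset computed against the old, longer buffer. The `struct pbuf`, the two `rewrite_*` handlers, `remaining()` and the sample input line are all constructed for this example; only the `buf`/`sz`/`offs` roles mirror the patched code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the parse buffer the patch touches: the text and
 * its allocated size including the terminating NUL. The parse offset is
 * owned by the caller and passed by pointer, as *offs is in ROFF_ARGS. */
struct pbuf {
	char	*buf;
	size_t	 sz;
};

static char *
xstrdup(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = malloc(n);
	if (p == NULL)
		abort();
	memcpy(p, s, n);
	return p;
}

/* "Before": replace the buffer with a short line but leave the caller's
 * offset alone. The offset now points past the end of the new buffer. */
static void
rewrite_buggy(struct pbuf *b, size_t *offs, const char *newline)
{
	free(b->buf);
	b->buf = xstrdup(newline);
	b->sz = strlen(newline) + 1;
	(void)offs;	/* stale: still relative to the freed buffer */
}

/* "After": same replacement, plus the one-line fix from the commit. */
static void
rewrite_fixed(struct pbuf *b, size_t *offs, const char *newline)
{
	free(b->buf);
	b->buf = xstrdup(newline);
	b->sz = strlen(newline) + 1;
	*offs = 0;	/* restart parsing at the head of the new buffer */
}

/* Bytes the parser may still read starting at offs, or -1 when offs is
 * already outside the buffer (the access valgrind would report). */
static long
remaining(const struct pbuf *b, size_t offs)
{
	if (offs >= b->sz)
		return -1;
	return (long)(b->sz - offs);
}

/* Drive one scenario: the parser has advanced deep into a long input line,
 * then the handler rebuilds the buffer as ".sp". Returns remaining(). */
static long
simulate(int fixed)
{
	/* Constructed sample line; offs is placed at the last word. */
	const char *line = ".TE trailing arguments on the same input line";
	struct pbuf b;
	size_t offs;
	long r;

	b.buf = xstrdup(line);
	b.sz = strlen(line) + 1;
	offs = strlen(line) - 4;	/* 41: start of "line" */

	if (fixed)
		rewrite_fixed(&b, &offs, ".sp");
	else
		rewrite_buggy(&b, &offs, ".sp");

	r = remaining(&b, offs);
	free(b.buf);
	return r;
}

int
main(void)
{
	printf("without offset reset: %ld\n", simulate(0));	/* -1 */
	printf("with offset reset:    %ld\n", simulate(1));	/* 4  */
	return 0;
}
```

`remaining()` stands in for whatever the real caller does next with the offset; the point is that resetting the size alone (as `buf->sz = 4` does) is not enough, because the caller's `*offs` is a separate piece of state that must be reset in the same place the buffer is replaced.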