Date: Wed, 9 Sep 2020 08:45:35 -0500 (EST)
X-Mailinglist: mandoc-source
From: schwarze@mandoc.bsd.lv
To: source@mandoc.bsd.lv
Subject: mandoc: Do not abuse assert(3) to react to absurd input; the purpose of

Log Message:
-----------
Do not abuse assert(3) to react to absurd input; the purpose of
assert(3) only is to catch internal inconsistencies in the program
itself. Issue found in an afl run performed by Jan Schreiber.

Instead, just cut down unreasonably wide spacing requested by the
document to a narrower width.

Modified Files:
--------------
    mandoc:
        term_ascii.c

Revision Data
-------------
Index: term_ascii.c
===================================================================
RCS file: /home/cvs/mandoc/mandoc/term_ascii.c,v
retrieving revision 1.65
retrieving revision 1.66
diff -Lterm_ascii.c -Lterm_ascii.c -u -p -r1.65 -r1.66
--- term_ascii.c
+++ term_ascii.c
@@ -245,7 +245,14 @@ ascii_advance(struct termp *p, size_t le { size_t i; - assert(len < UINT16_MAX); + /* + * XXX We used to have "assert(len < UINT16_MAX)" here. + * that is not quite right because the input document + * can trigger that by merely providing large input. + * For now, simply truncate. + */ + if (len > 256) + len = 256; for (i = 0; i < len; i++) putchar(' '); } @@ -383,7 +390,14 @@ locale_advance(struct termp *p, size_t l { size_t i; - assert(len < UINT16_MAX); + /* + * XXX We used to have "assert(len < UINT16_MAX)" here. + * that is not quite right because the input document + * can trigger that by merely providing large input. + * For now, simply truncate. + */ + if (len > 256) + len = 256; for (i = 0; i < len; i++) putwchar(L' '); } -- To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv
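Review bot: In the ascii_advance() hunk, the clamp "if (len > 256) len = 256;" uses a bare 256 whose origin is not explained anywhere in the new comment, which only records that the old bound was UINT16_MAX and says "For now, simply truncate." A named constant with one sentence on why that width was chosen would make the limit reviewable. The truncation is also silent: a document that requests wider spacing now gets different output with no diagnostic, so it is worth stating in the comment whether that is intended or whether a warning should be raised before the value reaches this function.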
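Review bot: The locale_advance() hunk repeats the comment and the "if (len > 256)" clamp from ascii_advance() word for word, so the two output paths can drift apart if one limit is changed later. Sharing the limit through a single macro, or moving the clamp into one small static helper that both functions call, would keep the putchar(' ') and putwchar(L' ') loops bounded identically. The "XXX ... For now" wording marks this as provisional in both places; a single comment at the shared definition would be enough.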