Log Message: ----------- Do not abuse assert(3) to react to absurd input; the purpose of assert(3) only is to catch internal inconsistencies in the program itself. Issue found in an afl run performed by Jan Schreiber <jes at posteo dot de>. Instead, just cut down unreasonably wide spacing requested by the document to a narrower width. Modified Files: -------------- mandoc: term_ascii.c Revision Data ------------- Index: term_ascii.c =================================================================== RCS file: /home/cvs/mandoc/mandoc/term_ascii.c,v retrieving revision 1.65 retrieving revision 1.66 diff -Lterm_ascii.c -Lterm_ascii.c -u -p -r1.65 -r1.66 --- term_ascii.c +++ term_ascii.c @@ -245,7 +245,14 @@ ascii_advance(struct termp *p, size_t le { size_t i; - assert(len < UINT16_MAX); + /* + * XXX We used to have "assert(len < UINT16_MAX)" here. + * that is not quite right because the input document + * can trigger that by merely providing large input. + * For now, simply truncate. + */ + if (len > 256) + len = 256; for (i = 0; i < len; i++) putchar(' '); } @@ -383,7 +390,14 @@ locale_advance(struct termp *p, size_t l { size_t i; - assert(len < UINT16_MAX); + /* + * XXX We used to have "assert(len < UINT16_MAX)" here. + * that is not quite right because the input document + * can trigger that by merely providing large input. + * For now, simply truncate. + */ + if (len > 256) + len = 256; for (i = 0; i < len; i++) putwchar(L' '); } -- To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv