From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp1.rz.uni-karlsruhe.de (Debian-exim@smtp1.rz.uni-karlsruhe.de [129.13.185.217]) by krisdoz.my.domain (8.14.3/8.14.3) with ESMTP id oBJCfIuM021082 for ; Sun, 19 Dec 2010 07:41:18 -0500 (EST) Received: from hekate.usta.de (asta-nat.asta.uni-karlsruhe.de [172.22.63.82]) by smtp1.rz.uni-karlsruhe.de with esmtp (Exim 4.63 #1) id 1PUIZg-00058D-K6; Sun, 19 Dec 2010 13:41:16 +0100 Received: from donnerwolke.usta.de ([172.24.96.3]) by hekate.usta.de with esmtp (Exim 4.72) (envelope-from ) id 1PUIZg-0004hl-I3 for tech@mdocml.bsd.lv; Sun, 19 Dec 2010 13:41:16 +0100 Received: from iris.usta.de ([172.24.96.5] helo=usta.de) by donnerwolke.usta.de with esmtp (Exim 4.69) (envelope-from ) id 1PUIZg-0008RT-H3 for tech@mdocml.bsd.lv; Sun, 19 Dec 2010 13:41:16 +0100 Received: from schwarze by usta.de with local (Exim 4.72) (envelope-from ) id 1PUIZg-0001Bh-GC for tech@mdocml.bsd.lv; Sun, 19 Dec 2010 13:41:16 +0100 Date: Sun, 19 Dec 2010 13:41:16 +0100 From: Ingo Schwarze To: tech@mdocml.bsd.lv Subject: Re: Remaining patches Message-ID: <20101219124116.GC4280@iris.usta.de> References: <4CF662C5.8070806@bsd.lv> <20101202200205.GA12188@iris.usta.de> <4CF82337.2060203@bsd.lv> <20101202232111.GE12188@iris.usta.de> <4CFCE8A6.7000101@bsd.lv> <4CFCE997.6000700@bsd.lv> <20101206142051.GA6999@iris.usta.de> <4CFD0AE3.8050502@bsd.lv> <20101211170236.GF27691@iris.usta.de> <20101211170714.GG27691@iris.usta.de> X-Mailinglist: mdocml-tech Reply-To: tech@mdocml.bsd.lv MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20101211170714.GG27691@iris.usta.de> User-Agent: Mutt/1.5.21 (2010-09-15) Hi Kristaps, Ingo Schwarze wrote on Sat, Dec 11, 2010 at 06:07:14PM +0100: > Gah, that's wrong as well. > It only moves the bug from sz = 1 to sz = initial-1. > > It must be > > buf->sz = buf->sz > initial/2 ? 2 * buf->sz : initial; To get this finally settled: OK for this one, too? Or does it still crash your Alpha? Index: main.c =================================================================== RCS file: /cvs/src/usr.bin/mandoc/main.c,v retrieving revision 1.61 diff -u -p -r1.61 main.c --- main.c 9 Dec 2010 23:01:18 -0000 1.61 +++ main.c 19 Dec 2010 12:34:57 -0000 @@ -375,7 +375,7 @@ static void resize_buf(struct buf *buf, size_t initial) { - buf->sz = buf->sz ? 2 * buf->sz : initial; + buf->sz = buf->sz > initial/2 ? 2 * buf->sz : initial; buf->buf = realloc(buf->buf, buf->sz); if (NULL == buf->buf) { perror(NULL); Index: roff.c =================================================================== RCS file: /cvs/src/usr.bin/mandoc/roff.c,v retrieving revision 1.23 diff -u -p -r1.23 roff.c --- roff.c 9 Dec 2010 20:56:30 -0000 1.23 +++ roff.c 19 Dec 2010 12:34:58 -0000 @@ -345,18 +345,11 @@ roff_res(struct roff *r, char **bufp, si size_t nsz; char *n; - /* String escape sequences have at least three characters. */ + /* Search for a leading backslash and save a pointer to it. */ - for (cp = *bufp + pos; cp[0] && cp[1] && cp[2]; cp++) { - - /* - * The first character must be a backslash. - * Save a pointer to it. - */ - - if ('\\' != *cp) - continue; - stesc = cp; + cp = *bufp + pos; + while (NULL != (cp = strchr(cp, '\\'))) { + stesc = cp++; /* * The second character must be an asterisk. @@ -364,7 +357,9 @@ roff_res(struct roff *r, char **bufp, si * so it can't start another escape sequence. */ - if ('*' != *(++cp)) + if ('\0' == *cp) + return(1); + if ('*' != *cp++) continue; /* @@ -373,7 +368,9 @@ roff_res(struct roff *r, char **bufp, si * Save a pointer to the name. */ - switch (*(++cp)) { + switch (*cp) { + case ('\0'): + return(1); case ('('): cp++; maxl = 2; -- To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv