From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp-3.sys.kth.se (smtp-3.sys.kth.se [130.237.48.192]) by krisdoz.my.domain (8.14.5/8.14.5) with ESMTP id s9JL2frH011083 for ; Sun, 19 Oct 2014 17:02:44 -0400 (EDT) Received: from smtp-3.sys.kth.se (localhost.localdomain [127.0.0.1]) by smtp-3.sys.kth.se (Postfix) with ESMTP id B43AF22BA for ; Sun, 19 Oct 2014 23:02:40 +0200 (CEST) X-Virus-Scanned: by amavisd-new at kth.se Received: from smtp-3.sys.kth.se ([127.0.0.1]) by smtp-3.sys.kth.se (smtp-3.sys.kth.se [127.0.0.1]) (amavisd-new, port 10024) with LMTP id irWw5UMORnq1 for ; Sun, 19 Oct 2014 23:02:30 +0200 (CEST) X-KTH-Auth: kristaps [82.239.22.94] X-KTH-mail-from: kristaps@bsd.lv X-KTH-rcpt-to: tech@mdocml.bsd.lv Received: from skins.local (jau31-3-82-239-22-94.fbx.proxad.net [82.239.22.94]) by smtp-3.sys.kth.se (Postfix) with ESMTPSA id 332B41F84 for ; Sun, 19 Oct 2014 23:02:27 +0200 (CEST) Message-ID: <544426E3.9000009@bsd.lv> Date: Sun, 19 Oct 2014 23:02:27 +0200 From: Kristaps Dzonsons User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 X-Mailinglist: mdocml-tech Reply-To: tech@mdocml.bsd.lv MIME-Version: 1.0 To: tech@mdocml.bsd.lv Subject: Division by zero Content-Type: multipart/mixed; boundary="------------050407070905060906080009" This is a multi-part message in MIME format. --------------050407070905060906080009 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi, Enclosed is a patch to handle roff.c's division by zero. This was found (indirectly) when playing with mandoc's new support for inline equations. groff(1) seems to actually warn us when this happens--if we're to do the same, we'll need to pass the mparse function through to the offending function. By the way, upon an audit, I see that term_ps.c is vulnerable to division by zero if the "scale" parameter in termp_ps is zero. However, we don't ever seem to re-set that, so it's ok. Best, Kristaps --------------050407070905060906080009 Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0"; name="divbyzero.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="divbyzero.patch" ? .DS_Store ? .test.1.swp ? Makefile.local ? TEST.sh ? TEST.sh.out ? bar.1 ? cgi-doc.diff ? cgi.h ? config.h ? config.log ? configure.local ? demandoc ? ditto.1 ? divbyzero.patch ? eqn-test.1 ? eqn-test.1.html ? eqn.2.patch ? eqn.bak.c ? eqn.patch ? foo ? foo.1 ? foo.1.html ? foo.1.ps ? foo.2 ? foo.2.html ? foo.3 ? foo.3.html ? foo.4 ? foo.4.html ? foo.5 ? foo.5.html ? foo.5.ps ? foo.sh ? makewhatis ? man.cgi ? mandoc ? plockstat.1 ? preconv ? term.diff ? test-dirent-namlen.dSYM ? test-fgetln.dSYM ? test-fts.dSYM ? test-getsubopt.dSYM ? test-mmap.dSYM ? test-sqlite3.dSYM ? test-strcasestr.dSYM ? test-strlcat.dSYM ? test-strlcpy.dSYM ? test-strptime.dSYM ? test-strsep.dSYM ? test-wchar.dSYM ? test.1 Index: roff.c =================================================================== RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/roff.c,v retrieving revision 1.231 diff -u -p -r1.231 roff.c --- roff.c 16 Oct 2014 01:28:38 -0000 1.231 +++ roff.c 19 Oct 2014 20:54:47 -0000 @@ -1545,6 +1545,8 @@ roff_evalnum(const char *v, int *pos, in *res *= operand2; break; case '/': + if (0.0 == operand2) + break; *res /= operand2; break; case '%': --------------050407070905060906080009-- -- To unsubscribe send an email to tech+unsubscribe@mdocml.bsd.lv