]> git.cameronkatri.com Git - mandoc.git/blobdiff - roff.c
git.ckatri.com / mandoc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
The CommonMark specification allows list markers fo the form "number) "
[mandoc.git] / roff.c
diff --git a/roff.c b/roff.c
index a6f270405b161f4d9490a63b883f0c9971313933..cf9a1baa164b027448b16a2e28bc2e5ba3640336 100644 (file)
--- a/roff.c
+++ b/roff.c
@@ -1,4 +1,4 @@
-/*     $Id: roff.c,v 1.290 2017/03/03 11:50:49 schwarze Exp $ */
+/*     $Id: roff.c,v 1.292 2017/03/08 13:18:10 schwarze Exp $ */
 /*
  * Copyright (c) 2008-2012, 2014 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010-2015, 2017 Ingo Schwarze <schwarze@openbsd.org>
@@ -1608,7 +1608,7 @@ roff_parseln(struct roff *r, int ln, struct buf *buf, int *offs)
                        return ROFF_IGN;
                while (buf->buf[pos] != '\0' && buf->buf[pos] != ' ')
                        pos++;
-               while (buf->buf[pos] != '\0' && buf->buf[pos] == ' ')
+               while (buf->buf[pos] == ' ')
                        pos++;
                return tbl_read(r->tbl, ln, buf->buf, pos);
        }
@@ -3038,7 +3038,7 @@ roff_userdef(ROFF_ARGS)
 {
        const char       *arg[9], *ap;
        char             *cp, *n1, *n2;
-       int               i, ib, ie;
+       int               expand_count, i, ib, ie;
        size_t            asz, rsz;
 
        /*
@@ -3062,8 +3062,9 @@ roff_userdef(ROFF_ARGS)
         */
 
        buf->sz = strlen(r->current_string) + 1;
-       n1 = cp = mandoc_malloc(buf->sz);
+       n1 = n2 = cp = mandoc_malloc(buf->sz);
        memcpy(n1, r->current_string, buf->sz);
+       expand_count = 0;
        while (*cp != '\0') {
 
                /* Scan ahead for the next argument invocation. */
@@ -3082,6 +3083,18 @@ roff_userdef(ROFF_ARGS)
                }
                cp -= 2;
 
+               /*
+                * Prevent infinite recursion.
+                */
+
+               if (cp >= n2)
+                       expand_count = 1;
+               else if (++expand_count > EXPAND_LIMIT) {
+                       mandoc_msg(MANDOCERR_ROFFLOOP, r->parse,
+                           ln, (int)(cp - n1), NULL);
+                       return ROFF_IGN;
+               }
+
                /*
                 * Determine the size of the expanded argument,
                 * taking escaping of quotes into account.
A git conversion mirror of mandoc.bsd.lv