If .ti had an excessive argument, using it was attempted, in some

cases resulting in an assertion failure.  Instead, truncate the
temporary indent to a width reasonable in a manual page.

I found the issue in an afl run
that was performed by Jan Schreiber <jes at posteo dot de>.

diff --git a/regress/roff/ti/Makefile b/regress/roff/ti/Makefile
index 4ac4cde0171634a0bdc32c3aa2265ccc7c202c42..aa0b1f9732535ab1098d5facd06472b84cda0df5 100644 (file)
--- a/regress/roff/ti/Makefile
+++ b/regress/roff/ti/Makefile
@@ -1,5 +1,11 @@
-# $OpenBSD: Makefile,v 1.1 2017/05/07 17:30:58 schwarze Exp $
+# $OpenBSD: Makefile,v 1.2 2020/09/03 17:37:06 schwarze Exp $
 
-REGRESS_TARGETS        = basic-mdoc basic-man
+REGRESS_TARGETS         = basic-mdoc basic-man wide
+
+# groff-1.22.4 defect:
+# - Excessive temporare indentations cause excessive line lengths
+#   instead of being truncated to resonable indentations.
+
+SKIP_GROFF      = wide
 
 .include <bsd.regress.mk>

diff --git a/regress/roff/ti/wide.in b/regress/roff/ti/wide.in
new file mode 100644 (file)
index 0000000..46a1f90
--- /dev/null
+++ b/regress/roff/ti/wide.in
@@ -0,0 +1,19 @@
+.\" $OpenBSD: wide.in,v 1.1 2020/09/03 17:37:06 schwarze Exp $
+.TH TI-WIDE 1 "September 3, 2020"
+.SH NAME
+ti-wide \- excessive temporary indentation
+.SH DESCRIPTION
+Absolute .ti of more than 72n:
+.ti 80n
+max
+.RS 40n
+Indented block plus excessive relative indentation:
+.ti +40n
+max
+.RE
+.RS 66n
+Block beyond 72n:
+.ti +4n
+same
+.RE
+Back to normal.

diff --git a/regress/roff/ti/wide.out_ascii b/regress/roff/ti/wide.out_ascii
new file mode 100644 (file)
index 0000000..95a98dd
--- /dev/null
+++ b/regress/roff/ti/wide.out_ascii
@@ -0,0 +1,22 @@
+TI-WIDE(1)                  General Commands Manual                 TI-WIDE(1)
+
+
+
+N\bNA\bAM\bME\bE
+       ti-wide - excessive temporary indentation
+
+D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
+       Absolute .ti of more than 72n:
+                                                                        max
+                                               Indented block plus excessive
+                                               relative indentation:
+                                                                        max
+                                                                         Block
+                                                                         beyond
+                                                                         72n:
+                                                                         same
+       Back to normal.
+
+
+
+OpenBSD                        September 3, 2020                    TI-WIDE(1)

diff --git a/roff_term.c b/roff_term.c
index 9b251f49a32223b1d6de194a5e7d99c431f4c6aa..ebfb75ef0810ef67b8adbd950c52f186f07b9bb4 100644 (file)
--- a/roff_term.c
+++ b/roff_term.c
@@ -1,4 +1,4 @@
-/* $Id: roff_term.c,v 1.20 2020/06/22 19:20:40 schwarze Exp $ */
+/* $Id: roff_term.c,v 1.21 2020/09/03 17:42:15 schwarze Exp $ */
 /*
  * Copyright (c) 2010,2014,2015,2017-2019 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -210,6 +210,7 @@ roff_term_pre_ti(ROFF_TERM_ARGS)
 {
        struct roffsu    su;
        const char      *cp;
+       const size_t     maxoff = 72;
        int              len, sign;
 
        roff_term_pre_br(p, n);
@@ -230,17 +231,26 @@ roff_term_pre_ti(ROFF_TERM_ARGS)
                return;
        len = term_hen(p, &su);
 
-       if (sign == 0) {
+       switch (sign) {
+       case 1:
+               if (p->tcol->offset + len <= maxoff)
+                       p->ti = len;
+               else if (p->tcol->offset < maxoff)
+                       p->ti = maxoff - p->tcol->offset;
+               else
+                       p->ti = 0;
+               break;
+       case -1:
+               if ((size_t)len < p->tcol->offset)
+                       p->ti = -len;
+               else
+                       p->ti = -p->tcol->offset;
+               break;
+       default:
+               if ((size_t)len > maxoff)
+                       len = maxoff;
                p->ti = len - p->tcol->offset;
-               p->tcol->offset = len;
-       } else if (sign == 1) {
-               p->ti = len;
-               p->tcol->offset += len;
-       } else if ((size_t)len < p->tcol->offset) {
-               p->ti = -len;
-               p->tcol->offset -= len;
-       } else {
-               p->ti = -p->tcol->offset;
-               p->tcol->offset = 0;
+               break;
        }
+       p->tcol->offset += p->ti;
 }