From b300a4ff9ca15ee75ac8b05afd9d5817390384ae Mon Sep 17 00:00:00 2001
From: Ingo Schwarze
Date: Thu, 20 Nov 2014 13:56:20 +0000
Subject: [PATCH] Prevent negative arguments to the .ll request from causing integer underflow. Found while preparing an audit of termp.rmargin. Overflow can also happen, but i see no sane way to deal with it, so just let it happen. It doesn't happen for any sane input anyway, groff behaviour is undefined, and the resulting values are legal, even though they are useless.
---
 term_ascii.c | 10 ++++++----
 term_ps.c | 10 ++++++----
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/term_ascii.c b/term_ascii.c
index 6c290453..71d8af4c 100644
--- a/term_ascii.c
+++ b/term_ascii.c
@@ -1,4 +1,4 @@
-/* $Id: term_ascii.c,v 1.39 2014/10/28 18:49:33 schwarze Exp $ */
+/* $Id: term_ascii.c,v 1.40 2014/11/20 13:56:20 schwarze Exp $ */
 /*
 * Copyright (c) 2010, 2011 Kristaps Dzonsons
 * Copyright (c) 2014 Ingo Schwarze
@@ -159,12 +159,14 @@ ascii_setwidth(struct termp *p, int iop, size_t width)
 {
 p->rmargin = p->defrmargin;
- if (0 < iop)
+ if (iop > 0)
 p->defrmargin += width;
- else if (0 > iop)
+ else if (iop == 0)
+ p->defrmargin = width ? width : p->lastrmargin;
+ else if (p->defrmargin > width)
 p->defrmargin -= width;
 else
- p->defrmargin = width ? width : p->lastrmargin;
+ p->defrmargin = 0;
 p->lastrmargin = p->rmargin;
 p->rmargin = p->maxrmargin = p->defrmargin;
 }
diff --git a/term_ps.c b/term_ps.c
index ec6d9b59..2f0b434a 100644
--- a/term_ps.c
+++ b/term_ps.c
@@ -1,4 +1,4 @@
-/* $Id: term_ps.c,v 1.68 2014/10/28 17:36:19 schwarze Exp $ */
+/* $Id: term_ps.c,v 1.69 2014/11/20 13:56:20 schwarze Exp $ */
 /*
 * Copyright (c) 2010, 2011 Kristaps Dzonsons
 * Copyright (c) 2014 Ingo Schwarze
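Review bot: In ascii_setwidth, the new final branch stores a clamped 0 into defrmargin and from there into rmargin and maxrmargin, while the `iop == 0` branch treats a zero width as "restore lastrmargin"; the consumers of these fields are outside this hunk, so it is worth confirming that a right margin of 0 cannot feed a further unsigned subtraction such as margin minus offset. The same applies to `p->ps->width = 0` in ps_setwidth in term_ps.c. Because the commit message says wraparound in the `+=` branch is left in on purpose, I would record that decision next to the code in both functions, for example `/* size_t arithmetic: clamp at 0 when subtracting; wraparound on += is knowingly left unchecked */`. Only the function body is in the hunk; the signature appears just in the hunk header.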
@@ -635,12 +635,14 @@ ps_setwidth(struct termp *p, int iop, size_t width)
 size_t lastwidth;
 lastwidth = p->ps->width;
- if (0 < iop)
+ if (iop > 0)
 p->ps->width += width;
- else if (0 > iop)
+ else if (iop == 0)
+ p->ps->width = width ? width : p->ps->lastwidth;
+ else if (p->ps->width > width)
 p->ps->width -= width;
 else
- p->ps->width = width ? width : p->ps->lastwidth;
+ p->ps->width = 0;
 p->ps->lastwidth = lastwidth;
 }
-- 2.47.1