From 6e13fac22eeefb3e711d98236a94e9f7fefb6442 Mon Sep 17 00:00:00 2001
From: Ingo Schwarze <schwarze@openbsd.org>
Date: Fri, 19 Dec 2014 17:12:04 +0000
Subject: Enforcing an arbitrary, implementation dependent, undocumented limit
 by calling assert() when valid user input exceeds it is a bad idea. Allocate
 the terminal font stack dynamically instead of crashing above 10 entries. 
 Issue found by jsg@ with afl.

---
 term_ascii.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'term_ascii.c')

diff --git a/term_ascii.c b/term_ascii.c
index 71d8af4c..5cc6304a 100644
--- a/term_ascii.c
+++ b/term_ascii.c
@@ -1,4 +1,4 @@
-/*	$Id: term_ascii.c,v 1.40 2014/11/20 13:56:20 schwarze Exp $ */
+/*	$Id: term_ascii.c,v 1.41 2014/12/19 17:12:04 schwarze Exp $ */
 /*
  * Copyright (c) 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2014 Ingo Schwarze <schwarze@openbsd.org>
@@ -69,6 +69,9 @@ ascii_init(enum termenc enc, const struct mchars *mchars, char *outopts)
 	p->symtab = mchars;
 	p->tabwidth = 5;
 	p->defrmargin = p->lastrmargin = 78;
+	p->fontq = mandoc_reallocarray(NULL,
+	     (p->fontsz = 8), sizeof(enum termfont));
+	p->fontq[0] = p->fontl = TERMFONT_NONE;
 
 	p->begin = ascii_begin;
 	p->end = ascii_end;
-- 
cgit v1.2.3