From 6e13fac22eeefb3e711d98236a94e9f7fefb6442 Mon Sep 17 00:00:00 2001
From: Ingo Schwarze
Date: Fri, 19 Dec 2014 17:12:04 +0000
Subject: Enforcing an arbitrary, implementation dependent, undocumented limit by calling assert() when valid user input exceeds it is a bad idea. Allocate the terminal font stack dynamically instead of crashing above 10 entries. Issue found by jsg@ with afl.
---
 term_ps.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'term_ps.c')
diff --git a/term_ps.c b/term_ps.c
index e3299d70..d2452669 100644
--- a/term_ps.c
+++ b/term_ps.c
@@ -1,4 +1,4 @@
-/* $Id: term_ps.c,v 1.70 2014/12/01 08:05:52 schwarze Exp $ */
+/* $Id: term_ps.c,v 1.71 2014/12/19 17:12:04 schwarze Exp $ */
 /*
 * Copyright (c) 2010, 2011 Kristaps Dzonsons
 * Copyright (c) 2014 Ingo Schwarze
@@ -540,6 +540,9 @@ pspdf_alloc(const struct mchars *mchars, char *outopts)
 p = mandoc_calloc(1, sizeof(struct termp));
 p->symtab = mchars;
 p->enc = TERMENC_ASCII;
+ p->fontq = mandoc_reallocarray(NULL,
+ (p->fontsz = 8), sizeof(enum termfont));
+ p->fontq[0] = p->fontl = TERMFONT_NONE;
 p->ps = mandoc_calloc(1, sizeof(struct termp_ps));
 p->advance = ps_advance;
-- 
cgit v1.2.3
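Review bot: The initial capacity is assigned inside the argument list, `(p->fontsz = 8)`, in the added `mandoc_reallocarray` call, which buries the one place where the font stack's size is set and leaves 8 as an unexplained constant. Setting it on its own line reads better and ties the element size to the field: `p->fontsz = 8;` followed by `p->fontq = mandoc_reallocarray(NULL, p->fontsz, sizeof(*p->fontq));`. This view is limited to term_ps.c, so the code that pushes onto `fontq` is not shown; the fix only holds if that code compares the index against `p->fontsz` and grows the array before writing, and if every other allocator of `struct termp` initialises `fontq` the same way, which is worth confirming. The body of `pspdf_alloc` continues outside the hunk.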