diff options
author | Ingo Schwarze <schwarze@openbsd.org> | 2015-01-01 18:11:45 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2015-01-01 18:11:45 +0000 |
commit | 031d1f01fc925d18b3af6e51565d51044023590b (patch) | |
tree | 4a8f986e2e6228f47440ab1c0ec4c936921f566a | |
parent | d63e18d2a47de821b302e3d98f4dd17bdcab95f9 (diff) | |
download | mandoc-031d1f01fc925d18b3af6e51565d51044023590b.tar.gz mandoc-031d1f01fc925d18b3af6e51565d51044023590b.tar.zst mandoc-031d1f01fc925d18b3af6e51565d51044023590b.zip |
Fix a read buffer overrun triggered by trailing \s- or trailing \s+
without the required subsequent argument; found by jsg@ with afl.
-rw-r--r-- | mandoc.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -1,7 +1,7 @@ -/* $Id: mandoc.c,v 1.89 2014/12/15 17:30:30 schwarze Exp $ */ +/* $Id: mandoc.c,v 1.90 2015/01/01 18:11:45 schwarze Exp $ */ /* - * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> - * Copyright (c) 2011, 2012, 2013, 2014 Ingo Schwarze <schwarze@openbsd.org> + * Copyright (c) 2008-2011, 2014 Kristaps Dzonsons <kristaps@bsd.lv> + * Copyright (c) 2011-2015 Ingo Schwarze <schwarze@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -225,7 +225,7 @@ mandoc_escape(const char **end, const char **start, int *sz) /* See +/- counts as a sign. */ if ('+' == **end || '-' == **end || ASCII_HYPH == **end) - (*end)++; + *start = ++*end; switch (**end) { case '(': |