diff options
| author |   Ingo Schwarze <schwarze@openbsd.org> | 2020-09-06 14:45:22 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2020-09-06 14:45:22 +0000 |
| commit | 1c972bdca42560b7e203458ca4ffa11c584cd149 (patch) | |
| tree | 8ee1963cb9e75b14217a957316fd6d86dcca5130 | |
| parent | 30fa4bfa1d93f60689c0c47c0e532f2fc5cae39b (diff) | |
| download | mandoc-1c972bdca42560b7e203458ca4ffa11c584cd149.tar.gz mandoc-1c972bdca42560b7e203458ca4ffa11c584cd149.tar.zst mandoc-1c972bdca42560b7e203458ca4ffa11c584cd149.zip | |
After .ti, there are many reasons why the offset may change, so setting
it back later requires a guard against underflow, or subsequent assertions
may fail.
Issue found in an afl run performed by Jan Schreiber <jes at posteo dot de>.
| -rw-r--r-- | term_ascii.c | 14 | ||||
| -rw-r--r-- | term_ps.c | 9 |
2 files changed, 16 insertions, 7 deletions
diff --git a/term_ascii.c b/term_ascii.c index 368623ca..4e06a739 100644 --- a/term_ascii.c +++ b/term_ascii.c @@ -1,7 +1,7 @@ -/* $Id: term_ascii.c,v 1.64 2018/11/28 14:23:06 schwarze Exp $ */ +/* $Id: term_ascii.c,v 1.65 2020/09/06 14:45:22 schwarze Exp $ */ /* * Copyright (c) 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> - * Copyright (c) 2014, 2015, 2017, 2018 Ingo Schwarze <schwarze@openbsd.org> + * Copyright (c) 2014,2015,2017,2018,2020 Ingo Schwarze <schwarze@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -232,7 +232,10 @@ ascii_endline(struct termp *p) { p->line++; - p->tcol->offset -= p->ti; + if ((int)p->tcol->offset > p->ti) + p->tcol->offset -= p->ti; + else + p->tcol->offset = 0; p->ti = 0; putchar('\n'); } @@ -390,7 +393,10 @@ locale_endline(struct termp *p) { p->line++; - p->tcol->offset -= p->ti; + if ((int)p->tcol->offset > p->ti) + p->tcol->offset -= p->ti; + else + p->tcol->offset = 0; p->ti = 0; putwchar(L'\n'); } @@ -1,7 +1,7 @@ -/* $Id: term_ps.c,v 1.91 2017/11/10 23:42:52 schwarze Exp $ */ +/* $Id: term_ps.c,v 1.92 2020/09/06 14:45:22 schwarze Exp $ */ /* * Copyright (c) 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> - * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze <schwarze@openbsd.org> + * Copyright (c) 2014,2015,2016,2017,2020 Ingo Schwarze <schwarze@openbsd.org> * Copyright (c) 2017 Marc Espie <espie@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any @@ -1252,7 +1252,10 @@ ps_endline(struct termp *p) ps_closepage(p); - p->tcol->offset -= p->ti; + if ((int)p->tcol->offset > p->ti) + p->tcol->offset -= p->ti; + else + p->tcol->offset = 0; p->ti = 0; } |