diff options
| author |   Ingo Schwarze <schwarze@openbsd.org> | 2014-04-23 16:08:33 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2014-04-23 16:08:33 +0000 |
| commit | e1bb09be17d41880b391cdcbe9d968f8964928ff (patch) | |
| tree | eeb097d0331817dc1ea9f7b52f2930635bda4387 /html.c | |
| parent | 1f555653eb03957679b5749f7ac779126c3c2627 (diff) | |
| download | mandoc-e1bb09be17d41880b391cdcbe9d968f8964928ff.tar.gz mandoc-e1bb09be17d41880b391cdcbe9d968f8964928ff.tar.zst mandoc-e1bb09be17d41880b391cdcbe9d968f8964928ff.zip | |
Audit strlcpy(3)/strlcat(3) usage.
* Repair three instances of silent truncation, use asprintf(3).
* Change two instances of strlen(3)+malloc(3)+strlcpy(3)+strlcat(3)+...
to use asprintf(3) instead to make them less error prone.
* Cast the return value of four instances where the destination
buffer is known to be large enough to (void).
* Completely remove three useless instances of strlcpy(3)/strlcat(3).
* Mark two places in -Thtml with XXX that can cause information loss
and crashes but are not easy to fix, requiring design changes of
some internal interfaces.
* The file mandocdb.c remains to be audited.
Diffstat (limited to 'html.c')
| -rw-r--r-- | html.c | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $Id: html.c,v 1.156 2014/04/20 16:46:04 schwarze Exp $ */ +/* $Id: html.c,v 1.157 2014/04/23 16:08:33 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2011, 2012, 2013, 2014 Ingo Schwarze <schwarze@openbsd.org> @@ -657,6 +657,12 @@ void bufcat(struct html *h, const char *p) { + /* + * XXX This is broken and not easy to fix. + * When using the -Oincludes option, buffmt_includes() + * may pass in strings overrunning BUFSIZ, causing a crash. + */ + h->buflen = strlcat(h->buf, p, BUFSIZ); assert(h->buflen < BUFSIZ); } |