diff options
| author |   Ingo Schwarze <schwarze@openbsd.org> | 2020-09-01 18:25:27 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2020-09-01 18:25:27 +0000 |
| commit | 835540e0c710d0fcef85cc4e79f3200d559bc2c9 (patch) | |
| tree | 892f10a95a8c810db492fb001ba07a501400fda8 /tbl_layout.c | |
| parent | 74317de919ffbe0b012c3dc4777d6b55037b810a (diff) | |
| download | mandoc-835540e0c710d0fcef85cc4e79f3200d559bc2c9.tar.gz mandoc-835540e0c710d0fcef85cc4e79f3200d559bc2c9.tar.zst mandoc-835540e0c710d0fcef85cc4e79f3200d559bc2c9.zip | |
Ignore unreasonably large spacing modifiers in tbl layouts.
Jan Schreiber <jes at posteo dot de> ran afl on mandoc and it turned
out mandoc tried to use spacing modifiers so large that they would
trigger assertion failures in term_ascii.c, function locale_advance().
Diffstat (limited to 'tbl_layout.c')
| -rw-r--r-- | tbl_layout.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/tbl_layout.c b/tbl_layout.c index 58599705..b25677a2 100644 --- a/tbl_layout.c +++ b/tbl_layout.c @@ -1,4 +1,4 @@ -/* $Id: tbl_layout.c,v 1.48 2018/12/14 05:18:03 schwarze Exp $ */ +/* $Id: tbl_layout.c,v 1.49 2020/09/01 18:25:28 schwarze Exp $ */ /* * Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2012, 2014, 2015, 2017 Ingo Schwarze <schwarze@openbsd.org> @@ -65,6 +65,7 @@ mods(struct tbl_node *tbl, struct tbl_cell *cp, int ln, const char *p, int *pos) { char *endptr; + unsigned long spacing; size_t sz; mod: @@ -93,7 +94,11 @@ mod: /* Parse numerical spacing from modifier string. */ if (isdigit((unsigned char)p[*pos])) { - cp->spacing = strtoull(p + *pos, &endptr, 10); + if ((spacing = strtoul(p + *pos, &endptr, 10)) > 9) + mandoc_msg(MANDOCERR_TBLLAYOUT_SPC, ln, *pos, + "%lu", spacing); + else + cp->spacing = spacing; *pos = endptr - p; goto mod; } |