diff options
author | Ingo Schwarze <schwarze@openbsd.org> | 2014-12-24 09:58:35 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2014-12-24 09:58:35 +0000 |
commit | fb95344148cb8c3ffd77776cedee32c2661cffa1 (patch) | |
tree | 8b623c201368f1b9046f9019e7f8b8804796667d /term.c | |
parent | e98af5414161553ffd7b765ad3a2451626334232 (diff) | |
download | mandoc-fb95344148cb8c3ffd77776cedee32c2661cffa1.tar.gz mandoc-fb95344148cb8c3ffd77776cedee32c2661cffa1.tar.zst mandoc-fb95344148cb8c3ffd77776cedee32c2661cffa1.zip |
When a man(7) document contains unreasonably large numbers for
indentations or paragraph distances, large output may be generated,
which is practically the same as an endless loop; found by jsg@
with afl.
Reject such unreasonably large numbers beyond arbitrary limits
similar to those used by groff (max. 65 blank lines between paragraphs
and max. SHRT_MAX characters per output line) and fall back to
defaults when exceeded. Having the limits behave in exactly the
same way is not relevant.
Diffstat (limited to 'term.c')
-rw-r--r-- | term.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -1,4 +1,4 @@ -/* $Id: term.c,v 1.240 2014/12/23 13:48:57 schwarze Exp $ */ +/* $Id: term.c,v 1.241 2014/12/24 09:58:35 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010-2014 Ingo Schwarze <schwarze@openbsd.org> @@ -773,6 +773,7 @@ int term_vspan(const struct termp *p, const struct roffsu *su) { double r; + int ri; switch (su->unit) { case SCALE_BU: @@ -808,7 +809,8 @@ term_vspan(const struct termp *p, const struct roffsu *su) abort(); /* NOTREACHED */ } - return(r > 0.0 ? r + 0.4995 : r - 0.4995); + ri = r > 0.0 ? r + 0.4995 : r - 0.4995; + return(ri < 66 ? ri : 1); } int |