diff options
-rw-r--r-- | main.c | 15 | ||||
-rw-r--r-- | mandoc.h | 3 | ||||
-rw-r--r-- | roff.7 | 10 |
3 files changed, 22 insertions, 6 deletions
@@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.121 2010/12/06 16:55:35 kristaps Exp $ */ +/* $Id: main.c,v 1.122 2010/12/10 20:58:56 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010 Ingo Schwarze <schwarze@openbsd.org> @@ -41,6 +41,7 @@ #define MAP_FILE 0 #endif +#define REPARSE_LIMIT 1000 #define UNCONST(a) ((void *)(uintptr_t)(const void *)(a)) /* FIXME: Intel's compiler? LLVM? pcc? */ @@ -89,6 +90,7 @@ struct curparse { struct mdoc *mdoc; /* mdoc parser */ struct roff *roff; /* roff parser (!NULL) */ struct regset regs; /* roff registers */ + int reparse_count; /* finite interpolation stack */ enum outt outtype; /* which output to use */ out_mdoc outmdoc; /* mdoc output ptr */ out_man outman; /* man output ptr */ @@ -177,6 +179,7 @@ static const char * const mandocerrs[MANDOCERR_MAX] = { "generic error", + "input stack limit exceeded, infinite loop?", "skipping bad character", "skipping text before the first section header", "skipping unknown macro", @@ -665,8 +668,10 @@ parsebuf(struct curparse *curp, struct buf blk, int start) if (0 == pos && '\0' == blk.buf[i]) break; - if (start) + if (start) { curp->line = lnn; + curp->reparse_count = 0; + } while (i < (int)blk.sz && (start || '\0' != blk.buf[i])) { if ('\n' == blk.buf[i]) { @@ -765,7 +770,11 @@ rerun: switch (rr) { case (ROFF_REPARSE): - parsebuf(curp, ln, 0); + if (REPARSE_LIMIT >= ++curp->reparse_count) + parsebuf(curp, ln, 0); + else + mmsg(MANDOCERR_ROFFLOOP, curp, + curp->line, pos, NULL); pos = 0; continue; case (ROFF_APPEND): @@ -1,4 +1,4 @@ -/* $Id: mandoc.h,v 1.32 2010/12/06 16:55:35 kristaps Exp $ */ +/* $Id: mandoc.h,v 1.33 2010/12/10 20:58:56 schwarze Exp $ */ /* * Copyright (c) 2010 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -101,6 +101,7 @@ enum mandocerr { MANDOCERR_ERROR, /* ===== start of errors ===== */ + MANDOCERR_ROFFLOOP, /* input stack limit exceeded, infinite loop? */ MANDOCERR_BADCHAR, /* skipping bad character */ MANDOCERR_NOTEXT, /* skipping text before the first section header */ MANDOCERR_MACRO, /* skipping unknown macro */ @@ -1,4 +1,4 @@ -.\" $Id: roff.7,v 1.15 2010/12/06 16:37:32 kristaps Exp $ +.\" $Id: roff.7,v 1.16 2010/12/10 20:58:56 schwarze Exp $ .\" .\" Copyright (c) 2010 Kristaps Dzonsons <kristaps@bsd.lv> .\" Copyright (c) 2010 Ingo Schwarze <schwarze@openbsd.org> @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 6 2010 $ +.Dd $Mdocdate: December 10 2010 $ .Dt ROFF 7 .Os .Sh NAME @@ -196,6 +196,12 @@ string interpolation syntax described below .Sx ds , but this is rarely useful because every macro definition contains at least one explicit newline character. +.Pp +In order to prevent endless recursion, both groff and +.Xr mandoc 1 +limit the stack depth for expanding macros and strings +to a large, but finite number. +Do not rely on the exact value of this limit. .Ss \&dei Define a user-defined .Nm |