diff options
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | roff.c | 5 |
2 files changed, 8 insertions, 3 deletions
@@ -1,4 +1,4 @@ -$Id: NEWS,v 1.30 2018/08/01 13:46:15 schwarze Exp $ +$Id: NEWS,v 1.31 2018/08/01 15:40:17 schwarze Exp $ This file lists the most important changes in the mandoc.bsd.lv distribution. @@ -35,6 +35,8 @@ Changes in version 1.14.4, released on August XXX, 2018 * Only activate UTF-8 output when the user really selected UTF-8, not some other multibyte character encoding. * Prevent excessive .ll arguments from generating infinite output. + * Fix out of bounds accesses to parse buffers that could happen when + using renamed or user defined macros after roff(7) conditionals. * Avoid an assertion failure in certain .Bl -column lists. * Avoid a NULL pointer access on deroff() failure after '.SS ""'. * Fix a segfault that could be triggered by two invalid .Dt macros. @@ -60,7 +62,7 @@ Changes in version 1.14.4, released on August XXX, 2018 * Thomas Klausner (NetBSD) for suggesting two new style messages, one new feature, and for two bug reports. * Leah Neukirchen (Void Linux) for suggesting a new style message, - four bug reports, and release testing. + five bug reports, and release testing. * Anthony Bentley (OpenBSD) for reporting multiple bugs and missing features. * Paul Irofti (OpenBSD) and Nate Bargmann for suggesting new features. @@ -1,4 +1,4 @@ -/* $Id: roff.c,v 1.328 2018/04/11 17:11:13 schwarze Exp $ */ +/* $Id: roff.c,v 1.329 2018/08/01 15:40:17 schwarze Exp $ */ /* * Copyright (c) 2008-2012, 2014 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010-2015, 2017, 2018 Ingo Schwarze <schwarze@openbsd.org> @@ -2845,6 +2845,7 @@ roff_TE(ROFF_ARGS) free(buf->buf); buf->buf = mandoc_strdup(".sp"); buf->sz = 4; + *offs = 0; return ROFF_REPARSE; } r->tbl = NULL; @@ -3364,6 +3365,7 @@ roff_userdef(ROFF_ARGS) ln, (int)(cp - n1), NULL); free(buf->buf); buf->buf = n1; + *offs = 0; return ROFF_IGN; } @@ -3458,6 +3460,7 @@ roff_renamed(ROFF_ARGS) buf->buf[pos] == '\0' ? "" : " ", buf->buf + pos) + 1; free(buf->buf); buf->buf = nbuf; + *offs = 0; return ROFF_CONT; } |