From 8ef8ebcf522a1fcfacc2601f9db3f97a55a3ddfd Mon Sep 17 00:00:00 2001
From: Ingo Schwarze <schwarze@openbsd.org>
Date: Tue, 7 Mar 2017 20:00:08 +0000
Subject: If a user-defined macro is aborted because it exceeds the stack
 limit, usually due to infinite recursion, discard whatever remains in all
 those open stack levels.  Otherwise, insane constructions like the following
 could generate macros of enormous size, causing mandoc(1) to die from memory
 exhaustion:

.de m  \" original macro definition
.m     \" recursion to blow up the stack
.de m  \" definition to be run during the call of .m marked (*)
very long plain text (some kilobytes)
.m     \" expand the above a thousand times while unwinding the stack
..     \" end of the original definition
.m     \" (*) recursively generate a ridiculously large macro
..     \" end of recursively generated definition
.m     \" execute the giant macro, exhausting memory

Very creative abuse found by tb@ with afl(1).
---
 regress/roff/de/Makefile           |  9 +++++++--
 regress/roff/de/infinite.in        | 14 ++++++++++++++
 regress/roff/de/infinite.out_ascii |  9 +++++++++
 regress/roff/de/infinite.out_lint  |  1 +
 4 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 regress/roff/de/infinite.in
 create mode 100644 regress/roff/de/infinite.out_ascii
 create mode 100644 regress/roff/de/infinite.out_lint

(limited to 'regress/roff/de')

diff --git a/regress/roff/de/Makefile b/regress/roff/de/Makefile
index 9488ce05..43bcf00f 100644
--- a/regress/roff/de/Makefile
+++ b/regress/roff/de/Makefile
@@ -1,7 +1,12 @@
 # $OpenBSD: Makefile,v 1.9 2015/02/03 19:37:25 schwarze Exp $
 
-REGRESS_TARGETS = append cond escname factorial indir startde TH Dd
-LINT_TARGETS	= escname indir
+REGRESS_TARGETS	 = append cond escname factorial indir infinite startde TH Dd
+LINT_TARGETS	 = escname indir infinite
+
+# groff-1.22.3 defect:
+# infinite recursion aborts output completely
+
+SKIP_GROFF	 = infinite
 
 .include <bsd.regress.mk>
 
diff --git a/regress/roff/de/infinite.in b/regress/roff/de/infinite.in
new file mode 100644
index 00000000..683eba7f
--- /dev/null
+++ b/regress/roff/de/infinite.in
@@ -0,0 +1,14 @@
+.Dd March 7, 2017
+.Dt DE-INFINITE 1
+.Os OpenBSD
+.Sh NAME
+.Nm de-infinite
+.Nd inifinte recursion in a user-defined macro
+.Sh DESCRIPTION
+initial text
+.de mym
+.mym
+not printed
+..
+.mym
+final text
diff --git a/regress/roff/de/infinite.out_ascii b/regress/roff/de/infinite.out_ascii
new file mode 100644
index 00000000..7f8210ab
--- /dev/null
+++ b/regress/roff/de/infinite.out_ascii
@@ -0,0 +1,9 @@
+DE-INFINITE(1)              General Commands Manual             DE-INFINITE(1)
+
+NNAAMMEE
+     ddee--iinnffiinniittee - inifinte recursion in a user-defined macro
+
+DDEESSCCRRIIPPTTIIOONN
+     initial text final text
+
+OpenBSD                          March 7, 2017                         OpenBSD
diff --git a/regress/roff/de/infinite.out_lint b/regress/roff/de/infinite.out_lint
new file mode 100644
index 00000000..168c7be4
--- /dev/null
+++ b/regress/roff/de/infinite.out_lint
@@ -0,0 +1 @@
+mandoc: infinite.in:13:5: ERROR: input stack limit exceeded, infinite loop?
-- 
cgit v1.2.3-56-ge451