From 25662a4940503ffb064a92f60db8cd83050b1878 Mon Sep 17 00:00:00 2001
From: Ingo Schwarze
Date: Tue, 10 Feb 2015 11:03:13 +0000
Subject: Do not read past the end of the buffer if an "f" layout font modifier is followed by the end of the input line instead of a font specifier. Found by jsg@ with afl, test case #591. While here, improve functionality as well: * There is no "r" font modifier. * Font specifiers (as opposed to font modifiers) are case sensitive. * One-character font specifiers require trailing whitespace. * Ignore parenthised and two-letter font specifiers.
---
 tbl_layout.c | 38 +++++++++++++++++++++++++++-----------
 1 file changed, 27 insertions(+), 11 deletions(-)
(limited to 'tbl_layout.c')
diff --git a/tbl_layout.c b/tbl_layout.c
index dc745b33..ed9acc9c 100644
--- a/tbl_layout.c
+++ b/tbl_layout.c
@@ -1,4 +1,4 @@
-/* $Id: tbl_layout.c,v 1.37 2015/01/30 04:11:50 schwarze Exp $ */
+/* $Id: tbl_layout.c,v 1.38 2015/02/10 11:03:13 schwarze Exp $ */
 /*
 * Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons
 * Copyright (c) 2012, 2014, 2015 Ingo Schwarze
@@ -97,12 +97,8 @@ mod:
 switch (tolower((unsigned char)p[(*pos)++])) {
 case 'b':
- /* FALLTHROUGH */
- case 'i':
- /* FALLTHROUGH */
- case 'r':
- (*pos)--;
- break;
+ cp->flags |= TBL_CELL_BOLD;
+ goto mod;
 case 'd':
 cp->flags |= TBL_CELL_BALIGN;
 goto mod;
@@ -111,6 +107,9 @@ mod:
 goto mod;
 case 'f':
 break;
+ case 'i':
+ cp->flags |= TBL_CELL_ITALIC;
+ goto mod;
 case 'm':
 mandoc_msg(MANDOCERR_TBLLAYOUT_MOD, tbl->parse,
 ln, *pos, "m");
@@ -150,20 +149,37 @@ mod:
 goto mod;
 }
- switch (tolower((unsigned char)p[(*pos)++])) {
+ /* Ignore parenthised font names for now. */
+
+ if (p[*pos] == '(')
+ goto mod;
+
+ /* Support only one-character font-names for now. */
+
+ if (p[*pos] == '\0' || (p[*pos + 1] != ' ' && p[*pos + 1] != '.')) {
+ mandoc_vmsg(MANDOCERR_FT_BAD, tbl->parse,
+ ln, *pos, "TS %s", p + *pos - 1);
+ if (p[*pos] != '\0')
+ (*pos)++;
+ if (p[*pos] != '\0')
+ (*pos)++;
+ goto mod;
+ }
+
+ switch (p[(*pos)++]) {
 case '3':
 /* FALLTHROUGH */
- case 'b':
+ case 'B':
 cp->flags |= TBL_CELL_BOLD;
 goto mod;
 case '2':
 /* FALLTHROUGH */
- case 'i':
+ case 'I':
 cp->flags |= TBL_CELL_ITALIC;
 goto mod;
 case '1':
 /* FALLTHROUGH */
- case 'r':
+ case 'R':
 goto mod;
 default:
 mandoc_vmsg(MANDOCERR_FT_BAD, tbl->parse,
-- cgit v1.2.3-56-ge451
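Review bot: The terminator test in the new one-character check accepts only a blank or `.` after the font name, so a name followed by a tab takes the MANDOCERR_FT_BAD branch even though the commit message asks for trailing whitespace in general; if tabs count as layout whitespace elsewhere in this function (the code after the `mod:` label is outside the hunk, so this is unconfirmed), widen it to `(p[*pos + 1] != ' ' && p[*pos + 1] != '\t' && p[*pos + 1] != '.')`. The over-read fix itself depends on `p[*pos] == '\0'` being evaluated before `p[*pos + 1]` is read, and on each of the two `(*pos)++` steps being guarded so the index never moves past the NUL. A comment above the `if`, such as `/* p[*pos + 1] is only inside the buffer once p[*pos] is known not to be the NUL. */`, would keep a later reordering of the condition from reintroducing the bug. The function body starts before and continues after this hunk, and the patch carries no regression input for the "f at end of input line" case named in the commit message, which would pin the fixed behaviour.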