From 1c972bdca42560b7e203458ca4ffa11c584cd149 Mon Sep 17 00:00:00 2001
From: Ingo Schwarze <schwarze@openbsd.org>
Date: Sun, 6 Sep 2020 14:45:22 +0000
Subject: After .ti, there are many reasons why the offset may change, so
 setting it back later requires a guard against underflow, or subsequent
 assertions may fail. Issue found in an afl run performed by Jan Schreiber
 <jes at posteo dot de>.

---
 term_ps.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'term_ps.c')

diff --git a/term_ps.c b/term_ps.c
index 2cd94c92..374d3d9a 100644
--- a/term_ps.c
+++ b/term_ps.c
@@ -1,7 +1,7 @@
-/*	$Id: term_ps.c,v 1.91 2017/11/10 23:42:52 schwarze Exp $ */
+/* $Id: term_ps.c,v 1.92 2020/09/06 14:45:22 schwarze Exp $ */
 /*
  * Copyright (c) 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
- * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze <schwarze@openbsd.org>
+ * Copyright (c) 2014,2015,2016,2017,2020 Ingo Schwarze <schwarze@openbsd.org>
  * Copyright (c) 2017 Marc Espie <espie@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -1252,7 +1252,10 @@ ps_endline(struct termp *p)
 
 	ps_closepage(p);
 
-	p->tcol->offset -= p->ti;
+	if ((int)p->tcol->offset > p->ti)
+		p->tcol->offset -= p->ti;
+	else 
+		p->tcol->offset = 0;
 	p->ti = 0;
 }
 
-- 
cgit v1.2.3-56-ge451