authorschwarze <schwarze@openbsd.org>2014-12-16 01:21:37 +0000
committerschwarze <schwarze@openbsd.org>2014-12-16 01:21:37 +0000
commit583f2f708eb980bf56e21300c8b146442523c787 (patch)
treeeb7c4d54f7f92c1b2c5166facd2437ade7ade50f
parentuse .In and delete .Tn; from Kaspars at Bankovskis dot net (diff)
downloadwireguard-openbsd-583f2f708eb980bf56e21300c8b146442523c787.tar.xz
wireguard-openbsd-583f2f708eb980bf56e21300c8b146442523c787.zip
When a numerical condition errors out after consuming at least one
character of input, treat it as false, do not retry it as a string comparison condition. This also fixes a read buffer overrun that happened when the numerical condition advanced to the end of the input line before erroring out, found by jsg@ with afl.
-rw-r--r--regress/usr.bin/mandoc/roff/cond/numeric.in18
-rw-r--r--regress/usr.bin/mandoc/roff/cond/numeric.out_ascii6
-rw-r--r--usr.bin/mandoc/roff.c9
3 files changed, 28 insertions, 5 deletions
diff --git a/regress/usr.bin/mandoc/roff/cond/numeric.in b/regress/usr.bin/mandoc/roff/cond/numeric.in
index ab154d61575..d28fcb9e8a2 100644
--- a/regress/usr.bin/mandoc/roff/cond/numeric.in
+++ b/regress/usr.bin/mandoc/roff/cond/numeric.in
@@ -1,4 +1,4 @@
-.TH COND-NUMERIC 1 "April 7, 2014" OpenBSD
+.TH COND-NUMERIC 1 "December 16, 2014" OpenBSD
.SH NAME
cond-numeric \- roff conditions involving numbers
.SH DESCRIPTION
@@ -126,3 +126,19 @@ operator ":":
11
.ie 1:1 (t)
.el (f)
+.PP
+unmatched parenthesis:
+.ie (
+(t)
+.el (f)
+one
+.ie (1 (t)
+.el (f)
+.PP
+negated unmatched parenthesis:
+.ie !(
+(t)
+.el (f)
+zero
+.ie !(0 (t)
+.el (f)
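Review bot: All four added cases reach the error through an unmatched `(`, so the regression test pins the new behaviour for the parenthesis path only. If roff_evalnum can also fail after consuming input in another way, a case for that would be worth adding next to these; a dangling operator at the end of the line, such as `.ie 1+`, is one candidate, though this is an assumption because roff_evalnum is not shown here. The existing expectations confirm that both the plain and the negated form come out false, which matches the commit message.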
diff --git a/regress/usr.bin/mandoc/roff/cond/numeric.out_ascii b/regress/usr.bin/mandoc/roff/cond/numeric.out_ascii
index 9947c53757b..b8155caafc9 100644
--- a/regress/usr.bin/mandoc/roff/cond/numeric.out_ascii
+++ b/regress/usr.bin/mandoc/roff/cond/numeric.out_ascii
@@ -30,6 +30,10 @@ DDEESSCCRRIIPPTTIIOONN
operator ":": 00 (f) 01 (t) 10 (t) 11 (t)
+ unmatched parenthesis: (f) one (t)
+ negated unmatched parenthesis: (f) zero (t)
-OpenBSD April 7, 2014 COND-NUMERIC(1)
+
+
+OpenBSD December 16, 2014 COND-NUMERIC(1)
diff --git a/usr.bin/mandoc/roff.c b/usr.bin/mandoc/roff.c
index d4d923c965d..e7d9795cde0 100644
--- a/usr.bin/mandoc/roff.c
+++ b/usr.bin/mandoc/roff.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roff.c,v 1.112 2014/12/15 23:42:31 schwarze Exp $ */
+/* $OpenBSD: roff.c,v 1.113 2014/12/16 01:21:37 schwarze Exp $ */
/*
* Copyright (c) 2010, 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
* Copyright (c) 2010-2014 Ingo Schwarze <schwarze@openbsd.org>
@@ -1247,7 +1247,7 @@ out:
static int
roff_evalcond(struct roff *r, int ln, const char *v, int *pos)
{
- int wanttrue, number;
+ int number, savepos, wanttrue;
if ('!' == v[*pos]) {
wanttrue = 0;
@@ -1280,10 +1280,13 @@ roff_evalcond(struct roff *r, int ln, const char *v, int *pos)
break;
}
+ savepos = *pos;
if (roff_evalnum(r, ln, v, pos, &number, 0))
return((number > 0) == wanttrue);
- else
+ else if (*pos == savepos)
return(roff_evalstrcond(v, pos) == wanttrue);
+ else
+ return (0);
}
static enum rofferr
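Review bot: The new final `else` in roff_evalcond returns a bare 0 while the two returns above it compare against `wanttrue`, and the reason is recorded only in the commit message. The `*pos == savepos` test is what keeps roff_evalstrcond from being called once the numeric parser has advanced to the end of the input line, so I would state that above `savepos = *pos;`, e.g. `/* If input was consumed before the error, the condition is false even when negated; do not retry as a string condition, *pos may be at the terminating NUL. */`. The guard lives only in this caller; roff_evalstrcond is outside the hunk, so whether it tolerates an empty remainder on its own cannot be confirmed from here. As a style point, `return (0);` should read `return(0);` to match the neighbouring returns. The function body starts outside the hunk.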