diff options
| author |   schwarze <schwarze@openbsd.org> | 2017-03-11 15:42:03 +0000 |
|---|---|---|
| committer | schwarze <schwarze@openbsd.org> | 2017-03-11 15:42:03 +0000 |
| commit | ae899e85df9403c118c5d8499c9dd7247b262dc6 (patch) | |
| tree | c514db3690b1fe150901100480a503181fb242a7 | |
| parent | Fix calculation of size for full size splits. (diff) | |
| download | wireguard-openbsd-ae899e85df9403c118c5d8499c9dd7247b262dc6.tar.xz wireguard-openbsd-ae899e85df9403c118c5d8499c9dd7247b262dc6.zip | |
Improve detection of recursive eqn(7) "define" statements:
Do not only catch "define key 'key other stuff'",
but also "define key 'other stuff key'".
Fixing infinite loop found by tb@ with afl(1).
| -rw-r--r-- | usr.bin/mandoc/eqn.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/usr.bin/mandoc/eqn.c b/usr.bin/mandoc/eqn.c index 36a6fa16de4..de7bf926470 100644 --- a/usr.bin/mandoc/eqn.c +++ b/usr.bin/mandoc/eqn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eqn.c,v 1.24 2016/01/08 00:50:20 schwarze Exp $ */ +/* $OpenBSD: eqn.c,v 1.25 2017/03/11 15:42:03 schwarze Exp $ */ /* * Copyright (c) 2011, 2014 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2014, 2015 Ingo Schwarze <schwarze@openbsd.org> @@ -364,15 +364,19 @@ eqn_def_find(struct eqn_node *ep, const char *key, size_t sz) static const char * eqn_next(struct eqn_node *ep, char quote, size_t *sz, int repl) { + static size_t last_len; + static int lim; + char *start, *next; - int q, diff, lim; + int q, diff; size_t ssz, dummy; struct eqn_def *def; if (NULL == sz) sz = &dummy; - lim = 0; + if (ep->cur >= last_len) + lim = 0; ep->rew = ep->cur; again: /* Prevent self-definitions. */ @@ -446,6 +450,7 @@ again: memmove(start + *sz + diff, start + *sz, (strlen(start) - *sz) + 1); memcpy(start, def->val, def->valsz); + last_len = start - ep->data + def->valsz; lim++; goto again; } |