Do not abuse assert(3) to react to absurd input; the purpose of assert(3)

only is to catch internal inconsistencies in the program itself.
Issue found in an afl run performed by Jan Schreiber <jes at posteo dot de>.

Instead, just cut down unreasonably wide spacing requested by the document
to a narrower width.

1 files changed, 16 insertions, 2 deletions

diff --git a/term_ascii.c b/term_ascii.c
index a9aa989a..b062bd99 100644
--- a/term_ascii.c
+++ b/term_ascii.c
@@ -245,7 +245,14 @@ ascii_advance(struct termp *p, size_t len)
 {
 	size_t		i;
 
-	assert(len < UINT16_MAX);
+	/*
+	 * XXX We used to have "assert(len < UINT16_MAX)" here.
+	 * that is not quite right because the input document
+	 * can trigger that by merely providing large input.
+	 * For now, simply truncate.
+	 */
+	if (len > 256)
+		len = 256;
 	for (i = 0; i < len; i++)
 		putchar(' ');
 }
@@ -383,7 +390,14 @@ locale_advance(struct termp *p, size_t len)
 {
 	size_t		i;
 
-	assert(len < UINT16_MAX);
+	/*
+	 * XXX We used to have "assert(len < UINT16_MAX)" here.
+	 * that is not quite right because the input document
+	 * can trigger that by merely providing large input.
+	 * For now, simply truncate.
+	 */
+	if (len > 256)
+		len = 256;
 	for (i = 0; i < len; i++)
 		putwchar(L' ');
 }