To better match groff parsing, reject digits and some mathematical

operators as argument delimiters for some escape sequences that take
numerical arguments, in the same way as it had already been done for \h.

Argument delimiter parsing for escape sequences taking numerical arguments
is not perfect yet.  In particular, when a character representing a
scaling unit is abused as the argument delimiter, parsing for that
character becomes context-dependent, and it is no longer possible to
find the end of the escape sequence without calling the full numerical
expression parser, which i refrain from attempting in this commit.

For now, continuing to misparse insane constructions like \Bc1c+1cc
(which is valid in groff and resolves to "1" because 1c+1c = two
centimeters is a valid numerical expression and 'c' is also a valid
delimiter) is a small price to pay for keeping complexity at bay
and for not losing focus in the ongoing series of refinements.

1 files changed, 9 insertions, 7 deletions

diff --git a/roff_escape.c b/roff_escape.c
index 39d57e88..98138f95 100644
--- a/roff_escape.c
+++ b/roff_escape.c
@@ -1,4 +1,4 @@
-/* $OpenBSD$ */
+/* $Id$ */
 /*
  * Copyright (c) 2011, 2012, 2013, 2014, 2015, 2017, 2018, 2020, 2022
  *               Ingo Schwarze <schwarze@openbsd.org>
@@ -270,12 +270,14 @@ roff_escape(const char *buf, const int ln, const int aesc,
 		goto out_sub;
 
 	if (term == '\b') {
-		if ((buf[inam] == 'N' && isdigit((unsigned char)buf[iarg])) ||
-		    (buf[inam] == 'h' && strchr(" %&()*+-./0123456789:<=>",
-		     buf[iarg]) != NULL)) {
-			iendarg = iend = iarg + 1;
-			rval = ESCAPE_ERROR;
-			goto out;
+		if (strchr("BDHLRSvxNhl", buf[inam]) != NULL &&
+		    strchr(" %&()*+-./0123456789:<=>", buf[iarg]) != NULL) {
+			if (rval != ESCAPE_EXPAND)
+				rval = ESCAPE_ERROR;
+			if (buf[inam] != 'D') {
+				iendarg = iend = iarg + 1;
+				goto out;
+			}
 		}
 		term = buf[iarg++];
 	} else if (term == '\0' && maxl == INT_MAX) {