authorIngo Schwarze <schwarze@openbsd.org>2018-05-20 21:37:34 +0000
committerIngo Schwarze <schwarze@openbsd.org>2018-05-20 21:37:34 +0000
commitdc6a309af4c8f768ef81cac2ed1d1424f8cdde4e (patch)
tree9e81552dce5ead119b76ab6cc4174e2a9904b116
parente41fa11ae33ec3aa4b412ad28181fefcf716bb99 (diff)
downloadmandoc-dc6a309af4c8f768ef81cac2ed1d1424f8cdde4e.tar.gz
Protect against malicious manual pages containing .ll requests with
excessive arguments: apply the same cutoff as for the -O width= command line argument. While here, also place some assertions at strategical places to prevent excessive indentations from being printed in case of bugs. In the past, we had more than one bug that caused mandoc to print effectively infinite output, filling up people's /tmp/ file system, which is not funny. We cannot prevent bugs from crashing the program, but we can at least make filling up the disk less likely. Triggered by a remark from sthen@ on source-changes@.
-rw-r--r--term_ascii.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/term_ascii.c b/term_ascii.c
index 203042c5..1c69a4eb 100644
--- a/term_ascii.c
+++ b/term_ascii.c
@@ -133,6 +133,8 @@ ascii_init(enum termenc enc, const struct manoutput *outopts)
if (outopts->synopsisonly)
p->synopsisonly = 1;
+ assert(p->defindent < UINT16_MAX);
+ assert(p->defrmargin < UINT16_MAX);
return p;
}
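Review bot: The two assertions added before `return p;` in ascii_init, like the `assert(len < UINT16_MAX);` lines added to ascii_advance and locale_advance further down, are compiled out when NDEBUG is defined, so the protection against runaway output described in the commit message depends on build flags. If that safety net is meant to hold in every build, use a check that survives NDEBUG, for example `if (len >= UINT16_MAX) abort();` in the two advance functions. Whether the project is ever built with NDEBUG is not visible from this page. ascii_init starts outside the hunk.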
@@ -171,6 +173,8 @@ ascii_setwidth(struct termp *p, int iop, int width)
p->defrmargin -= width;
else
p->defrmargin = 0;
+ if (p->defrmargin > 1000)
+ p->defrmargin = 1000;
p->lastrmargin = p->tcol->rmargin;
p->tcol->rmargin = p->maxrmargin = p->defrmargin;
}
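Review bot: The literal `1000` in the new clamp on `p->defrmargin` repeats a limit that, per the commit message, is already enforced for the -O width= command line argument, and nothing in the code ties the two together. A shared named constant would keep both paths in step, e.g. `if (p->defrmargin > TERM_MAXWIDTH) p->defrmargin = TERM_MAXWIDTH;`, where TERM_MAXWIDTH is a placeholder name for a definition in a common header. Otherwise a later change to one cutoff leaves the .ll request path accepting a different width than the command line. ascii_setwidth begins outside the hunk.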
@@ -239,6 +243,7 @@ ascii_advance(struct termp *p, size_t len)
{
size_t i;
+ assert(len < UINT16_MAX);
for (i = 0; i < len; i++)
putchar(' ');
}
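Review bot: The bound in `assert(len < UINT16_MAX);` is unexplained and far looser than the 1000-column cutoff applied in ascii_setwidth, so a reader cannot tell whether UINT16_MAX is a deliberate ceiling or an arbitrary one. A short comment above the assertion would record the intent, such as `/* Sanity limit: a len this large can only come from a bug; abort rather than print effectively unbounded blanks. */`. The same comment fits the identical assertion in locale_advance.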
@@ -376,6 +381,7 @@ locale_advance(struct termp *p, size_t len)
{
size_t i;
+ assert(len < UINT16_MAX);
for (i = 0; i < len; i++)
putwchar(L' ');
}