Prevent unsigned integer underflow when a number is too wide

for a table cell with an "nz" layout specification, causing essentially infinite output as found by jsg@ with afl.
author: Ingo Schwarze <schwarze@openbsd.org> 2014-12-24 15:38:55 +0000
committer: Ingo Schwarze <schwarze@openbsd.org> 2014-12-24 15:38:55 +0000
commit: 9d010e593cd4c985aa8b89549f36c0091dd78cb1 (patch)
tree: 4bcb73f09721fe79fd720aedd0386de72ccb6710
parent: b90b724e08fcba984d8b57dd4b4bf1be91691628 (diff)
download: mandoc-9d010e593cd4c985aa8b89549f36c0091dd78cb1.tar.gz
1 files changed, 7 insertions, 3 deletions
diff --git a/tbl_term.c b/tbl_term.c
index 0ce60988..25c32cdb 100644
--- a/tbl_term.c
+++ b/tbl_term.c
@@ -417,9 +417,13 @@ tbl_number(struct termp *tp, const struct tbl_opts *opts,
 	} else
 		d = sz + psz;
 
-	padl = col->decimal - d;
-
-	tbl_char(tp, ASCII_NBRSP, padl);
+	if (col->decimal > d && col->width > sz) {
+		padl = col->decimal - d;
+		if (padl + sz > col->width)
+			padl = col->width - sz;
+		tbl_char(tp, ASCII_NBRSP, padl);
+	} else
+		padl = 0;
 	tbl_word(tp, dp);
 	if (col->width > sz + padl)
 		tbl_char(tp, ASCII_NBRSP, col->width - sz - padl);
author	Ingo Schwarze <schwarze@openbsd.org>	2014-12-24 15:38:55 +0000
committer	Ingo Schwarze <schwarze@openbsd.org>	2014-12-24 15:38:55 +0000
commit	9d010e593cd4c985aa8b89549f36c0091dd78cb1 (patch)
tree	4bcb73f09721fe79fd720aedd0386de72ccb6710
parent	b90b724e08fcba984d8b57dd4b4bf1be91691628 (diff)
download	mandoc-9d010e593cd4c985aa8b89549f36c0091dd78cb1.tar.gz