summaryrefslogtreecommitdiffstats
path: root/roff.7
diff options
context:
space:
mode:
authorIngo Schwarze <schwarze@openbsd.org>2017-02-17 03:03:03 +0000
committerIngo Schwarze <schwarze@openbsd.org>2017-02-17 03:03:03 +0000
commit43757c82b3a7a65d2481fe9ff6efb2970e685827 (patch)
tree1dea4e21cc3c7f041c2a1f473a3f65883e130820 /roff.7
parentfa4c0272e4f32857c55289b94ac6986d26909487 (diff)
downloadmandoc-43757c82b3a7a65d2481fe9ff6efb2970e685827.tar.gz
Fix a read buffer overrun that copied random data from memory into
text nodes when a string passed to deroff() ended in a backslash and the byte after the terminating NUL was non-NUL, found by tb@ with afl(1). Invalid bytes so copied with the high bit set could later sometimes trigger another out of bounds read access to static memory in roff_strdup(), so add an assertion there to abort safely in case of similar data corruption.
Diffstat (limited to 'roff.7')
0 files changed, 0 insertions, 0 deletions