summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--roff.76
-rw-r--r--roff.c7
2 files changed, 11 insertions, 2 deletions
diff --git a/roff.7 b/roff.7
index 15f74e30..98957c6e 100644
--- a/roff.7
+++ b/roff.7
@@ -543,8 +543,10 @@ one explicit newline character.
In order to prevent endless recursion, both groff and
.Xr mandoc 1
limit the stack depth for expanding macros and strings
-to a large, but finite number.
-Do not rely on the exact value of this limit.
+to a large, but finite number, and
+.Xr mandoc 1
+also limits the length of the expanded input line.
+Do not rely on the exact values of these limits.
.Ss \&dei
Define a
.Nm
diff --git a/roff.c b/roff.c
index 58fbfd44..f619960b 100644
--- a/roff.c
+++ b/roff.c
@@ -21,6 +21,7 @@
#include <assert.h>
#include <ctype.h>
+#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -658,6 +659,12 @@ roff_res(struct roff *r, struct buf *buf, int ln, int pos)
buf->sz = mandoc_asprintf(&nbuf, "%s%s%s",
buf->buf, res, cp) + 1;
+ if (buf->sz > SHRT_MAX) {
+ mandoc_msg(MANDOCERR_ROFFLOOP, r->parse,
+ ln, (int)(stesc - buf->buf), NULL);
+ return(ROFF_IGN);
+ }
+
/* Prepare for the next replacement. */
start = nbuf + pos;
generated by cgit (git 2.34.1) at 2024-11-12 19:53:05 +0000