From cc64a9f0b63e16d12edd76ca35a7e99aa3519fc7 Mon Sep 17 00:00:00 2001
From: Ingo Schwarze
Date: Wed, 9 Sep 2020 13:45:05 +0000
Subject: Do not abuse assert(3) to react to absurd input; the purpose of assert(3) only is to catch internal inconsistencies in the program itself. Issue found in an afl run performed by Jan Schreiber . Instead, just cut down unreasonably wide spacing requested by the document to a narrower width.
---
 term_ascii.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/term_ascii.c b/term_ascii.c
index 4e06a739..bf7e9b63 100644
--- a/term_ascii.c
+++ b/term_ascii.c
@@ -1,4 +1,4 @@
-/* $Id: term_ascii.c,v 1.65 2020/09/06 14:45:22 schwarze Exp $ */
+/* $Id: term_ascii.c,v 1.66 2020/09/09 13:45:05 schwarze Exp $ */
 /*
  * Copyright (c) 2010, 2011 Kristaps Dzonsons
  * Copyright (c) 2014,2015,2017,2018,2020 Ingo Schwarze
@@ -245,7 +245,14 @@ ascii_advance(struct termp *p, size_t len)
 {
 	size_t i;
 
-	assert(len < UINT16_MAX);
+	/*
+	 * XXX We used to have "assert(len < UINT16_MAX)" here.
+	 * that is not quite right because the input document
+	 * can trigger that by merely providing large input.
+	 * For now, simply truncate.
+	 */
+	if (len > 256)
+		len = 256;
 	for (i = 0; i < len; i++)
 		putchar(' ');
 }
@@ -383,7 +390,14 @@ locale_advance(struct termp *p, size_t len)
 {
 	size_t i;
 
-	assert(len < UINT16_MAX);
+	/*
+	 * XXX We used to have "assert(len < UINT16_MAX)" here.
+	 * that is not quite right because the input document
+	 * can trigger that by merely providing large input.
+	 * For now, simply truncate.
+	 */
+	if (len > 256)
+		len = 256;
 	for (i = 0; i < len; i++)
 		putwchar(L' ');
 }
-- 
cgit v1.2.3
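Review bot: The cap of 256 in the `if (len > 256)` line of ascii_advance is a bare magic number repeated verbatim, together with the same five-line comment, in the locale_advance hunk below, so a later adjustment to one copy will silently drift from the other; define it once at file scope, e.g. `enum { TERM_ADVANCE_MAX = 256 };` (name is a suggestion), and compare against that in both functions. The comment also explains the removed assert rather than the new behaviour and starts a sentence in lowercase; a shorter form such as `/* Width is document-controlled, so never assert on it: clamp it so absurd input cannot abort the program. */` tells the next reader why a clamp is the right reaction here. Whether 256 columns is a safe bound depends on the largest right margin the output width setting can request, which this hunk does not show; if that can exceed 256, legitimate wide padding is silently shortened, so the constant's comment should state where the bound comes from. The signature line of ascii_advance is outside the hunk.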