From fb95344148cb8c3ffd77776cedee32c2661cffa1 Mon Sep 17 00:00:00 2001
From: Ingo Schwarze
Date: Wed, 24 Dec 2014 09:58:35 +0000
Subject: When a man(7) document contains unreasonably large numbers for indentations or paragraph distances, large output may be generated, which is practically the same as an endless loop; found by jsg@ with afl. Reject such unreasonably large numbers beyond arbitrary limits similar to those used by groff (max. 65 blank lines between paragraphs and max. SHRT_MAX characters per output line) and fall back to defaults when exceeded. Having the limits behave in exactly the same way is not relevant.
---
 term.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'term.c')
diff --git a/term.c b/term.c
index d884ba70..0f39525b 100644
--- a/term.c
+++ b/term.c
@@ -1,4 +1,4 @@
-/* $Id: term.c,v 1.240 2014/12/23 13:48:57 schwarze Exp $ */
+/* $Id: term.c,v 1.241 2014/12/24 09:58:35 schwarze Exp $ */
 /*
 * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons
 * Copyright (c) 2010-2014 Ingo Schwarze
@@ -773,6 +773,7 @@ int
 term_vspan(const struct termp *p, const struct roffsu *su)
 {
 double r;
+ int ri;
 
 switch (su->unit) {
 case SCALE_BU:
@@ -808,7 +809,8 @@ term_vspan(const struct termp *p, const struct roffsu *su)
 abort();
 /* NOTREACHED */
 }
- return(r > 0.0 ? r + 0.4995 : r - 0.4995);
+ ri = r > 0.0 ? r + 0.4995 : r - 0.4995;
+ return(ri < 66 ? ri : 1);
 }
 
 int
-- 
cgit v1.2.3
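Review bot: In the last hunk of term_vspan() the new limit is tested only after `r` has been converted to `int` in `ri = r > 0.0 ? r + 0.4995 : r - 0.4995;`. If the parser (not visible in this diff) lets the scaled value exceed the range of `int`, that double-to-int conversion is undefined behaviour in C before `ri < 66` is ever evaluated. Comparing in floating point first avoids this and keeps the same cut-off, for example `if (r + 0.4995 >= 66.0) return(1);` ahead of the assignment. The test `ri < 66` also passes every negative result through unchanged; whether callers tolerate a large negative span cannot be seen here, so a matching lower bound may be needed. The literal 66 would be easier to audit as a named constant with a comment tying it to the 65-line limit in the commit message; the switch body between the second and third hunks is outside the diff.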