authorschwarze <schwarze@openbsd.org>2020-09-09 13:40:24 +0000
committerschwarze <schwarze@openbsd.org>2020-09-09 13:40:24 +0000
commitb19a7d956332188f6efe83d830c4bb1fc4020b27 (patch)
treea037e6ea5f873767e761d187a28f08b748a3e86c
parentChange SSLv23_client_method to TLS_client_method openssl(1) ocsp (diff)
downloadwireguard-openbsd-b19a7d956332188f6efe83d830c4bb1fc4020b27.tar.xz
wireguard-openbsd-b19a7d956332188f6efe83d830c4bb1fc4020b27.zip
Do not abuse assert(3) to react to absurd input; the purpose of assert(3)
is only to catch internal inconsistencies in the program itself. Issue found in an afl run performed by Jan Schreiber <jes at posteo dot de>. Instead, just cut down unreasonably wide spacing requested by the document to a narrower width.
-rw-r--r--usr.bin/mandoc/term_ascii.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/usr.bin/mandoc/term_ascii.c b/usr.bin/mandoc/term_ascii.c
index 7b0f7c59a36..8b89deb4867 100644
--- a/usr.bin/mandoc/term_ascii.c
+++ b/usr.bin/mandoc/term_ascii.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: term_ascii.c,v 1.51 2020/09/06 14:44:19 schwarze Exp $ */
+/* $OpenBSD: term_ascii.c,v 1.52 2020/09/09 13:40:24 schwarze Exp $ */
/*
* Copyright (c) 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
* Copyright (c) 2014,2015,2017,2018,2020 Ingo Schwarze <schwarze@openbsd.org>
@@ -235,7 +235,14 @@ ascii_advance(struct termp *p, size_t len)
{
size_t i;
- assert(len < UINT16_MAX);
+ /*
+ * XXX We used to have "assert(len < UINT16_MAX)" here.
+ * that is not quite right because the input document
+ * can trigger that by merely providing large input.
+ * For now, simply truncate.
+ */
+ if (len > 256)
+ len = 256;
for (i = 0; i < len; i++)
putchar(' ');
}
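Review bot: The clamp value 256 is a bare literal repeated in ascii_advance here and again in locale_advance (the hunk at -372), and the comment does not say why 256 is the right ceiling. A single named constant shared by both backends would keep them in step, for example `#define ADVANCE_MAX 256` (name is only a suggestion) with `if (len > ADVANCE_MAX) len = ADVANCE_MAX;`, plus one comment line stating what the limit represents. The truncation is also silent and sits in the output backend, so a len that is huge because of a miscalculation where the width is derived from the document (those callers are not visible in this diff) would now be masked rather than surfaced; it may be worth bounding or diagnosing the value at that point as well. Both function signatures lie outside the hunks and are visible only in the @@ headers.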
@@ -372,7 +379,14 @@ locale_advance(struct termp *p, size_t len)
{
size_t i;
- assert(len < UINT16_MAX);
+ /*
+ * XXX We used to have "assert(len < UINT16_MAX)" here.
+ * that is not quite right because the input document
+ * can trigger that by merely providing large input.
+ * For now, simply truncate.
+ */
+ if (len > 256)
+ len = 256;
for (i = 0; i < len; i++)
putwchar(L' ');
}