From bd96a67df3fe788dd3ed548363a21f09adaa82e1 Mon Sep 17 00:00:00 2001 From: Ingo Schwarze Date: Tue, 16 Dec 2014 01:21:38 +0000 Subject: When a numerical condition errors out after consuming at least one character of input, treat it as false, do not retry it as a string comparison condition. This also fixes a read buffer overrun that happened when the numerical condition advanced to the end of the input line before erroring out, found by jsg@ with afl. --- regress/usr.bin/mandoc/roff/cond/numeric.in | 18 +++++++++++++++++- regress/usr.bin/mandoc/roff/cond/numeric.out_ascii | 6 +++++- 2 files changed, 22 insertions(+), 2 deletions(-) (limited to 'regress/usr.bin') diff --git a/regress/usr.bin/mandoc/roff/cond/numeric.in b/regress/usr.bin/mandoc/roff/cond/numeric.in index ab154d61575..d28fcb9e8a2 100644 --- a/regress/usr.bin/mandoc/roff/cond/numeric.in +++ b/regress/usr.bin/mandoc/roff/cond/numeric.in @@ -1,4 +1,4 @@ -.TH COND-NUMERIC 1 "April 7, 2014" OpenBSD +.TH COND-NUMERIC 1 "December 16, 2014" OpenBSD .SH NAME cond-numeric \- roff conditions involving numbers .SH DESCRIPTION @@ -126,3 +126,19 @@ operator ":": 11 .ie 1:1 (t) .el (f) +.PP +unmatched parenthesis: +.ie ( +(t) +.el (f) +one +.ie (1 (t) +.el (f) +.PP +negated unmatched parenthesis: +.ie !( +(t) +.el (f) +zero +.ie !(0 (t) +.el (f) diff --git a/regress/usr.bin/mandoc/roff/cond/numeric.out_ascii b/regress/usr.bin/mandoc/roff/cond/numeric.out_ascii index 9947c53757b..b8155caafc9 100644 --- a/regress/usr.bin/mandoc/roff/cond/numeric.out_ascii +++ b/regress/usr.bin/mandoc/roff/cond/numeric.out_ascii @@ -30,6 +30,10 @@ DDEESSCCRRIIPPTTIIOONN operator ":": 00 (f) 01 (t) 10 (t) 11 (t) + unmatched parenthesis: (f) one (t) + negated unmatched parenthesis: (f) zero (t) -OpenBSD April 7, 2014 COND-NUMERIC(1) + + +OpenBSD December 16, 2014 COND-NUMERIC(1) -- cgit v1.2.3