Up to [cvsweb.bsd.lv] / mandoc
Default branch: MAIN
Current tag: VERSION_1_14_1
Revision 1.289, Fri Feb 17 03:03:03 2017 UTC (7 years, 2 months ago) by schwarze
Branch: MAIN
CVS Tags: VERSION_1_14_1
Changes since 1.288: +12 -4 lines
Fix a read buffer overrun that copied random data from memory into text nodes when a string passed to deroff() ended in a backslash and the byte after the terminating NUL was non-NUL, found by tb@ with afl(1). Invalid bytes so copied with the high bit set could later sometimes trigger another out of bounds read access to static memory in roff_strdup(), so add an assertion there to abort safely in case of similar data corruption.
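The class of bug described in the log message, as an added illustration that is not mandoc's code: a scanner that treats a backslash plus the next byte as one escape walks past the terminating NUL when the backslash is the last byte. All function names, the two-byte escape simplification, the 128-entry table size and the sample buffer are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed input: a string ending in a backslash, with non-NUL bytes
 * placed right after its terminator inside the same array, so the
 * over-read stays in bounds for this demonstration. */
static const char sample[] = "\\\0LEAKED";

/* Flawed pattern: consumes '\' plus the following byte without checking
 * whether that following byte is the terminator. */
static const char *skip_escapes_unchecked(const char *cp)
{
	while (*cp == '\\')
		cp += 2;	/* steps over the NUL when '\' is last */
	return cp;
}

/* Checked pattern: a trailing backslash ends the scan at the NUL. */
static const char *skip_escapes_checked(const char *cp)
{
	while (cp[0] == '\\') {
		if (cp[1] == '\0')
			return cp + 1;
		cp += 2;
	}
	return cp;
}

/* Guard for a table indexed by byte value (128 entries assumed): with a
 * signed char, a byte with the high bit set would be a negative index. */
static int safe_table_index(char c)
{
	unsigned char u = (unsigned char)c;
	return u < 128 ? (int)u : -1;
}

int main(void)
{
	printf("unchecked: \"%s\"\n", skip_escapes_unchecked(sample));
	printf("checked:   \"%s\"\n", skip_escapes_checked(sample));
	printf("index for 0xE9: %d\n", safe_table_index((char)0xE9));
	return 0;
}
```

In a real parser the bytes after the terminator are whatever happens to sit in adjacent memory, so building with AddressSanitizer and replaying the fuzzer's input is the practical way to confirm that the unchecked path is gone.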