CVSROOT: /cvs
Module name: src
Changes by: schwa...@cvs.openbsd.org 2014/12/15 20:52:31
Modified files:
usr.bin/mandoc : roff.c
Log message:
When a string comparison condition contains no mismatching character
but ends without the final delimiter, the parse point was advanced
one character too far and the invalid pointer returned to the
caller of roff_parseln(). Later use could potentially advance
the pointer even further and maybe even write to it.
Fixing a buffer overrun found by jsg@ with afl (the most severe so far).
