CVSROOT: /cvs
Module name: src
Changes by: schwa...@cvs.openbsd.org 2017/03/07 13:00:02
Modified files:
usr.bin/mandoc : read.c
regress/usr.bin/mandoc/roff/de: Makefile
Added files:
regress/usr.bin/mandoc/roff/de: infinite.in infinite.out_ascii
infinite.out_lint
Log message:
If a user-defined macro is aborted because it exceeds the stack
limit, usually due to infinite recursion, discard whatever remains
in all those open stack levels. Otherwise, insane constructions
like the following could generate macros of enormous size, causing
mandoc(1) to die from memory exhaustion:
.de m \" original macro definition
.m \" recursion to blow up the stack
.de m \" definition to be run during the call of .m marked (*)
very long plain text (some kilobytes)
.m \" expand the above a thousand times while unwinding the stack
.. \" end of the original definition
.m \" (*) recursively generate a ridiculously large macro
.. \" end of recursively generated definition
.m \" execute the giant macro, exhausting memory
Very creative abuse found by tb@ with afl(1).
