[groff] 14/26: [grohtml]: Mitigate Savannah #62040.
From: G. Branden Robinson
Subject: [groff] 14/26: [grohtml]: Mitigate Savannah #62040.
Date: Sun, 15 May 2022 05:07:54 -0400 (EDT)
gbranden pushed a commit to branch master
in repository groff.
commit ab0793f5cadb8dbcb84cb49d59bc31855fd8b5ac
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Sat May 14 23:32:14 2022 -0500
[grohtml]: Mitigate Savannah #62040.
[grohtml]: Mitigate double-free problem exposed by malformed input.
* src/roff/troff/mtsm.h (struct statem): Place member variable
`issue_no` behind `DEBUGGING` preprocessor symbol, omitting it
from production and ordinary development builds.
* src/roff/troff/mtsm.cpp (no_of_statems): Place global variable
behind `DEBUGGING` preprocessor symbol, omitting it from production
and ordinary development builds.
(statem::statem): Make constructor trivial if `DEBUGGING` not defined
in preprocessor; it manipulates only `issue_no` and `no_of_statems`,
which are synchronized.
(statem::statem {copy}): Gate assignment of `issue_no` member variable
from copy constructor behind `DEBUGGING` preprocessor symbol.
(statem::flush, mtsm::inherit): Gate debugging output, already
runtime-gated on `debug_state` symbol, of `issue_no` member variable,
so that we don't reference it when it is not declared.
See <https://savannah.gnu.org/bugs/?62040>.
---
ChangeLog | 23 +++++++++++++++++++++++
src/roff/troff/mtsm.cpp | 12 +++++++++++-
src/roff/troff/mtsm.h | 2 ++
3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 03cfb4ca..8c729977 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,26 @@
+2022-05-14 G. Branden Robinson <g.branden.robinson@gmail.com>
+
+ [grohtml]: Mitigate double-free problem exposed by malformed
+ input.
+
+ * src/roff/troff/mtsm.h (struct statem): Place member variable
+ `issue_no` behind `DEBUGGING` preprocessor symbol, omitting it
+ from production and ordinary development builds.
+ * src/roff/troff/mtsm.cpp (no_of_statems): Place global variable
+ behind `DEBUGGING` preprocessor symbol, omitting it from
+ production and ordinary development builds.
+ (statem::statem): Make constructor trivial if `DEBUGGING` not
+ defined in preprocessor; it manipulates only `issue_no` and
+ `no_of_statems`, which are synchronized.
+ (statem::statem {copy}): Gate assignment of `issue_no` member
+ variable from copy constructor behind `DEBUGGING` preprocessor
+ symbol.
+ (statem::flush, mtsm::inherit): Gate debugging output, already
+ runtime-gated on `debug_state` symbol, of `issue_no` member
+ variable, so that we don't reference it when it is not declared.
+
+ See <https://savannah.gnu.org/bugs/?62040>.
+
2022-05-05 G. Branden Robinson <g.branden.robinson@gmail.com>
[refer]: Rename a test artifact; it's a bibliographic database
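Review bot: The new ChangeLog entry calls this a mitigation of a double free but never says how placing `issue_no` and `no_of_statems` behind `DEBUGGING` relates to freeing memory, or whether the root cause remains open. Add a sentence stating the connection and the status of the underlying defect, so a reader of ChangeLog does not have to open Savannah #62040 to learn it.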
diff --git a/src/roff/troff/mtsm.cpp b/src/roff/troff/mtsm.cpp
index 6bddf6dc..058b9b18 100644
--- a/src/roff/troff/mtsm.cpp
+++ b/src/roff/troff/mtsm.cpp
@@ -26,7 +26,9 @@ extern int debug_state;
#include "mtsm.h"
#include "env.h"
-static int no_of_statems = 0; // debugging aid
+#if defined(DEBUGGING)
+static int no_of_statems = 0;
+#endif
int_value::int_value()
: value(0), is_known(0)
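Review bot: The replacement declaration of `no_of_statems` drops the `// debugging aid` comment, and nothing visible here says where `DEBUGGING` is expected to be defined. Keep a short comment at the `#if defined(DEBUGGING)` line naming the purpose of the counter and how the symbol is enabled, since it now controls code in both mtsm.cpp and mtsm.h.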
@@ -172,8 +174,10 @@ int string_value::differs(string_value compare)
statem::statem()
{
+#if defined(DEBUGGING)
issue_no = no_of_statems;
no_of_statems++;
+#endif
}
statem::statem(statem *copy)
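Review bot: In `statem::statem()`, a build with `DEBUGGING` defined still compiles `issue_no = no_of_statems;` and `no_of_statems++;` exactly as before, so whatever this gating mitigates is unchanged in debugging builds. Say so in a comment inside the constructor body, which is otherwise empty in ordinary builds, so that nobody assumes a debugging build behaves like a production one on the malformed input from Savannah #62040.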
@@ -187,7 +191,9 @@ statem::statem(statem *copy)
units_values[i] = copy->units_values[i];
for (i = 0; i < LAST_STRING; i++)
string_values[i] = copy->string_values[i];
+#if defined(DEBUGGING)
issue_no = copy->issue_no;
+#endif
}
statem::~statem()
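Review bot: `statem::statem(statem *copy)` takes a pointer, so it is not a copy constructor in the C++ sense, and unless one is declared elsewhere in mtsm.h the compiler still supplies the implicit member-wise `statem(const statem &)` and assignment operator. Because the problem being mitigated is a double free and the class has a user-defined destructor, check whether any member owns heap memory and, if one does, define or delete the by-value copy operations. Separately, `copy` is dereferenced here without a null check.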
@@ -218,10 +224,12 @@ void statem::flush(FILE *fp, statem *compare)
compare->bool_values[MTSM_EOL]);
bool_values[MTSM_BR].diff(fp, "devtag:.br",
compare->bool_values[MTSM_BR]);
+#if defined(DEBUGGING)
if (debug_state) {
fprintf(stderr, "compared state %d\n", compare->issue_no);
fflush(stderr);
}
+#endif
}
void statem::add_tag(int_value_state t, int v)
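Review bot: In `statem::flush`, the `compared state %d` message is now gated at both compile time and run time, so in a build without `DEBUGGING` setting `debug_state` silently prints nothing at this point. Document that `debug_state` output from this file is incomplete unless `DEBUGGING` is defined, or keep a version of the message without the `issue_no` field for ordinary builds.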
@@ -423,9 +431,11 @@ void mtsm::inherit(statem *s, int reset_bool)
if (reset_bool)
sp->state->bool_values[MTSM_BR].set(0);
s->bool_values[MTSM_BR].set(1);
+#if defined(DEBUGGING)
if (debug_state)
fprintf(stderr, "inherited br from pushed state %d\n",
sp->state->issue_no);
+#endif
}
else if (s->bool_values[MTSM_BR].is_known
&& s->bool_values[MTSM_BR].value)
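Review bot: The `#if defined(DEBUGGING)` block in `mtsm::inherit` wraps an unbraced `if (debug_state)` with no flush, while the equivalent block in `statem::flush` uses braces and calls `fflush(stderr)`; the two differ for no reason visible in the patch. Consider one small helper that reports a state's `issue_no`, defined once under `#if defined(DEBUGGING)` and empty otherwise, so the conditional lives in one place instead of at each call site.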
diff --git a/src/roff/troff/mtsm.h b/src/roff/troff/mtsm.h
index 0fbc94d4..cfca73dc 100644
--- a/src/roff/troff/mtsm.h
+++ b/src/roff/troff/mtsm.h
@@ -87,7 +87,9 @@ enum string_value_state {
};
struct statem {
+#if defined(DEBUGGING)
int issue_no;
+#endif
bool_value bool_values[LAST_BOOL];
int_value int_values[LAST_INT];
units_value units_values[LAST_UNITS];
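Review bot: Making `int issue_no;` conditional changes the size and member offsets of `struct statem` depending on `DEBUGGING`, so every translation unit that includes mtsm.h must be compiled with the same setting or objects will disagree on the layout. Note that requirement in a comment above the `#if defined(DEBUGGING)` line, and make sure `DEBUGGING` is set for the whole build rather than per file.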