
[groff] 14/26: [grohtml]: Mitigate Savannah #62040.


From: G. Branden Robinson
Subject: [groff] 14/26: [grohtml]: Mitigate Savannah #62040.
Date: Sun, 15 May 2022 05:07:54 -0400 (EDT)

gbranden pushed a commit to branch master
in repository groff.

commit ab0793f5cadb8dbcb84cb49d59bc31855fd8b5ac
Author: G. Branden Robinson <g.branden.robinson@gmail.com>
AuthorDate: Sat May 14 23:32:14 2022 -0500

    [grohtml]: Mitigate Savannah #62040.
    
    [grohtml]: Mitigate double-free problem exposed by malformed input.
    
    * src/roff/troff/mtsm.h (struct statem): Place member variable
      `issue_no` behind `DEBUGGING` preprocessor symbol, omitting it
      from production and ordinary development builds.
    
    * src/roff/troff/mtsm.cpp (no_of_statems): Place global variable
      behind `DEBUGGING` preprocessor symbol, omitting it from production
      and ordinary development builds.
    
      (statem::statem): Make constructor trivial if `DEBUGGING` not defined
      in preprocessor; it manipulates only `issue_no` and `no_of_statems`,
      which are synchronized.
    
      (statem::statem {copy}): Gate assignment of `issue_no` member variable
      from copy constructor behind `DEBUGGING` preprocessor symbol.
    
      (statem::flush, mtsm::inherit): Gate debugging output, already
      runtime-gated on `debug_state` symbol, of `issue_no` member variable,
      so that we don't reference it when it is not declared.
    
    See <https://savannah.gnu.org/bugs/?62040>.
---
 ChangeLog               | 23 +++++++++++++++++++++++
 src/roff/troff/mtsm.cpp | 12 +++++++++++-
 src/roff/troff/mtsm.h   |  2 ++
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 03cfb4ca..8c729977 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,26 @@
+2022-05-14  G. Branden Robinson <g.branden.robinson@gmail.com>
+
+       [grohtml]: Mitigate double-free problem exposed by malformed
+       input.
+
+       * src/roff/troff/mtsm.h (struct statem): Place member variable
+       `issue_no` behind `DEBUGGING` preprocessor symbol, omitting it
+       from production and ordinary development builds.
+       * src/roff/troff/mtsm.cpp (no_of_statems): Place global variable
+       behind `DEBUGGING` preprocessor symbol, omitting it from
+       production and ordinary development builds.
+       (statem::statem): Make constructor trivial if `DEBUGGING` not
+       defined in preprocessor; it manipulates only `issue_no` and
+       `no_of_statems`, which are synchronized.
+       (statem::statem {copy}): Gate assignment of `issue_no` member
+       variable from copy constructor behind `DEBUGGING` preprocessor
+       symbol.
+       (statem::flush, mtsm::inherit): Gate debugging output, already
+       runtime-gated on `debug_state` symbol, of `issue_no` member
+       variable, so that we don't reference it when it is not declared.
+
+       See <https://savannah.gnu.org/bugs/?62040>.
+
 2022-05-05  G. Branden Robinson <g.branden.robinson@gmail.com>
 
        [refer]: Rename a test artifact; it's a bibliographic database
diff --git a/src/roff/troff/mtsm.cpp b/src/roff/troff/mtsm.cpp
index 6bddf6dc..058b9b18 100644
--- a/src/roff/troff/mtsm.cpp
+++ b/src/roff/troff/mtsm.cpp
@@ -26,7 +26,9 @@ extern int debug_state;
 #include "mtsm.h"
 #include "env.h"
 
-static int no_of_statems = 0;  // debugging aid
+#if defined(DEBUGGING)
+static int no_of_statems = 0;
+#endif
 
 int_value::int_value()
 : value(0), is_known(0)
@@ -172,8 +174,10 @@ int string_value::differs(string_value compare)
 
 statem::statem()
 {
+#if defined(DEBUGGING)
   issue_no = no_of_statems;
   no_of_statems++;
+#endif
 }
 
 statem::statem(statem *copy)
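Review bot: With `DEBUGGING` undefined the default constructor is now empty, and across this patch only the debug-only `issue_no` and `no_of_statems` are touched; nothing visible here changes how a `statem` is allocated, copied or deleted. The double free from Savannah #62040 is therefore presumably hidden by the change in object layout rather than removed, which matches the word "mitigate" in the log. A comment in the constructor would keep that visible to the next maintainer, for example `// NOTE: hiding issue_no only mitigates Savannah #62040; statem ownership is unchanged.` It would also help to keep the malformed input from the bug report as a regression test and run it under a memory-error checker, since a later layout change could bring the crash back.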
@@ -187,7 +191,9 @@ statem::statem(statem *copy)
     units_values[i] = copy->units_values[i];
   for (i = 0; i < LAST_STRING; i++)
     string_values[i] = copy->string_values[i];
+#if defined(DEBUGGING)
   issue_no = copy->issue_no;
+#endif
 }
 
 statem::~statem()
@@ -218,10 +224,12 @@ void statem::flush(FILE *fp, statem *compare)
                             compare->bool_values[MTSM_EOL]);
   bool_values[MTSM_BR].diff(fp, "devtag:.br",
                            compare->bool_values[MTSM_BR]);
+#if defined(DEBUGGING)
   if (debug_state) {
     fprintf(stderr, "compared state %d\n", compare->issue_no);
     fflush(stderr);
   }
+#endif
 }
 
 void statem::add_tag(int_value_state t, int v)
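Review bot: The state trace in `statem::flush` now needs both the compile-time `DEBUGGING` symbol and the run-time `debug_state` flag, and the same double gate is added in `mtsm::inherit`. In an ordinary build, setting `debug_state` no longer prints either message, and nothing at the call site says why. A short comment at the `#if` would document that, for example `// issue_no exists only in DEBUGGING builds, so this trace does too.` The body of `flush` starts outside the hunk.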
@@ -423,9 +431,11 @@ void mtsm::inherit(statem *s, int reset_bool)
       if (reset_bool)
        sp->state->bool_values[MTSM_BR].set(0);
       s->bool_values[MTSM_BR].set(1);
+#if defined(DEBUGGING)
       if (debug_state)
        fprintf(stderr, "inherited br from pushed state %d\n",
                sp->state->issue_no);
+#endif
     }
     else if (s->bool_values[MTSM_BR].is_known
             && s->bool_values[MTSM_BR].value)
diff --git a/src/roff/troff/mtsm.h b/src/roff/troff/mtsm.h
index 0fbc94d4..cfca73dc 100644
--- a/src/roff/troff/mtsm.h
+++ b/src/roff/troff/mtsm.h
@@ -87,7 +87,9 @@ enum string_value_state {
 };
 
 struct statem {
+#if defined(DEBUGGING)
   int issue_no;
+#endif
   bool_value bool_values[LAST_BOOL];
   int_value int_values[LAST_INT];
   units_value units_values[LAST_UNITS];
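Review bot: `struct statem` now has a different size and different member offsets depending on whether `DEBUGGING` is defined, so every translation unit that includes mtsm.h has to be compiled with the same setting. A mixed build would give two incompatible definitions of one type, and a `statem` passed between such units would be read at the wrong offsets. A comment above the `#if` would record the constraint, for example `// Layout depends on DEBUGGING: define it for every file that includes mtsm.h, or for none.` The struct body continues past the end of the hunk.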


