diff options
| author |   Ingo Schwarze <schwarze@openbsd.org> | 2017-02-11 14:11:17 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2017-02-11 14:11:17 +0000 |
| commit | f1acc1f1ed19c62e0f3916a557e5841e0392cd7a (patch) | |
| tree | 264e81ea82a1aec8ec7baa8a8c80534c44da458c | |
| parent | 1e9e28c63eaf6fb303ca37783e0d0f8e70361aa9 (diff) | |
| download | mandoc-f1acc1f1ed19c62e0f3916a557e5841e0392cd7a.tar.gz mandoc-f1acc1f1ed19c62e0f3916a557e5841e0392cd7a.tar.zst mandoc-f1acc1f1ed19c62e0f3916a557e5841e0392cd7a.zip | |
Do not prematurely close .Nd containing a broken child.
Fixes tree corruption leading to NULL dereference
in insane cases like .Oo Oo .Nd .Pq Oc .Oc Oc
found by tb@ with afl(1).
| -rw-r--r-- | NEWS | 6 | ||||
| -rw-r--r-- | mdoc_macro.c | 12 |
2 files changed, 13 insertions, 5 deletions
@@ -1,4 +1,4 @@ -$Id: NEWS,v 1.16 2017/02/10 16:20:34 schwarze Exp $ +$Id: NEWS,v 1.17 2017/02/11 14:11:17 schwarze Exp $ This file lists the most important changes in the mdocml.bsd.lv distribution. @@ -53,8 +53,10 @@ Changes in version 1.14.1, released on February XXX, 2017 * mdoc(7): Fix syntax tree corruption leading to NULL dereference caused by .Ta following a nested .Bl -column breaking another block. * mdoc(7): Fix syntax tree corruption sometimes leading to NULL - dereference caused by indirectly broken .Nm blocks in the SYNOPSIS. + dereference caused by indirectly broken .Nd or .Nm blocks. * mdoc(7) -Thtml: Fix a NULL dereference for .Bl -column with 0 columns. + * mdoc(7): Fix NULL dereference in some specific cases of a + block-end macro calling another block-end macro. * mdoc(7): Fix NULL dereference if the only child of the head of the first .Sh was an empty in-line macro. * mdoc(7): Fix an assertion failure for a .Bd without a type that diff --git a/mdoc_macro.c b/mdoc_macro.c index 3326add6..a1cea0ef 100644 --- a/mdoc_macro.c +++ b/mdoc_macro.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_macro.c,v 1.213 2017/02/11 13:24:12 schwarze Exp $ */ +/* $Id: mdoc_macro.c,v 1.214 2017/02/11 14:11:17 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010, 2012-2016 Ingo Schwarze <schwarze@openbsd.org> @@ -647,10 +647,16 @@ blk_exp_close(MACRO_PROT_ARGS) break; } - /* Explicit blocks close out description lines. */ + /* + * Explicit blocks close out description lines, but + * even those can get broken together with a child. + */ if (n->tok == MDOC_Nd) { - rew_last(mdoc, n); + if (later != NULL) + n->flags |= NODE_BROKEN | NODE_ENDED; + else + rew_last(mdoc, n); continue; } |