diff options
| author |   Ingo Schwarze <schwarze@openbsd.org> | 2015-02-07 16:42:33 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2015-02-07 16:42:33 +0000 |
| commit | 3de89b5964cf432d6662b93d7c27429bf3c17691 (patch) | |
| tree | a8edbbb315161928f586fe9bd3596c3f75bf9518 | |
| parent | ebac9369c3dc60420d12f61a60ee5e9c9d55cdd1 (diff) | |
| download | mandoc-3de89b5964cf432d6662b93d7c27429bf3c17691.tar.gz mandoc-3de89b5964cf432d6662b93d7c27429bf3c17691.tar.zst mandoc-3de89b5964cf432d6662b93d7c27429bf3c17691.zip | |
Closing a block validates it, which may end up deleting it,
so if we are in a loop over blocks, cleanly restart the loop
rather than risking use after free; found by jsg@ with afl.
| -rw-r--r-- | mdoc_macro.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/mdoc_macro.c b/mdoc_macro.c index 158e1bbd..f04acb96 100644 --- a/mdoc_macro.c +++ b/mdoc_macro.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_macro.c,v 1.179 2015/02/06 07:13:14 schwarze Exp $ */ +/* $Id: mdoc_macro.c,v 1.180 2015/02/07 16:42:33 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010, 2012-2015 Ingo Schwarze <schwarze@openbsd.org> @@ -941,6 +941,7 @@ blk_full(MACRO_PROT_ARGS) mdoc_macronames[tok], mdoc_macronames[n->tok]); rew_pending(mdoc, n); + n = mdoc->last; continue; case MDOC_It: /* Delay in case it's astray. */ |