diff options
| author |   Ingo Schwarze <schwarze@openbsd.org> | 2015-05-01 16:58:33 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2015-05-01 16:58:33 +0000 |
| commit | 631dcbd03b42795bbc37c57d62a32f1ebbe3f1b9 (patch) | |
| tree | c5d0ad421e53f818e87c8c85ab2e57830f8736e9 | |
| parent | 20bd05bc1165d2c8e7af3c9a8ec1282785f9bc0f (diff) | |
| download | mandoc-631dcbd03b42795bbc37c57d62a32f1ebbe3f1b9.tar.gz mandoc-631dcbd03b42795bbc37c57d62a32f1ebbe3f1b9.tar.zst mandoc-631dcbd03b42795bbc37c57d62a32f1ebbe3f1b9.zip | |
mdoc_valid_post() may indirectly call roff_node_unlink() which may
set ROFF_NEXT_CHILD, which is desirable for the final call to
mdoc_valid_post() - in case the target itself gets deleted, the
parse point may need this adjustment - but not for the intermediate
calls - if intermediate nodes get deleted, that mustn't clobber the
parse point. So move setting ROFF_NEXT_SIBLING to the proper place
in rew_last().
This fixes the assertion failure in jsg@'s afl test case 108/Apr27.
| -rw-r--r-- | mdoc_macro.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/mdoc_macro.c b/mdoc_macro.c index d87da2cf..04ea9423 100644 --- a/mdoc_macro.c +++ b/mdoc_macro.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_macro.c,v 1.199 2015/05/01 16:02:47 schwarze Exp $ */ +/* $Id: mdoc_macro.c,v 1.200 2015/05/01 16:58:33 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010, 2012-2015 Ingo Schwarze <schwarze@openbsd.org> @@ -263,7 +263,6 @@ rew_last(struct roff_man *mdoc, const struct roff_node *to) if (to->flags & MDOC_VALID) return; - mdoc->next = ROFF_NEXT_SIBLING; while (mdoc->last != to) { /* * Save the parent here, because we may delete the @@ -276,6 +275,7 @@ rew_last(struct roff_man *mdoc, const struct roff_node *to) mdoc->last = np; assert(mdoc->last); } + mdoc->next = ROFF_NEXT_SIBLING; mdoc_valid_post(mdoc); } |