diff options
author | Kristaps Dzonsons <kristaps@bsd.lv> | 2014-08-17 08:37:11 +0000 |
---|---|---|
committer | Kristaps Dzonsons <kristaps@bsd.lv> | 2014-08-17 08:37:11 +0000 |
commit | edaaac97ad1b06b9ec35a2d5c1a5ff0258cc5956 (patch) | |
tree | 5a7c043d7a3caf2ed5087707be49e9a0d7a1fd92 | |
parent | 7eba87a5fd2f971ba9c0cd6cb0db96ae643dc9e7 (diff) | |
download | mandoc-edaaac97ad1b06b9ec35a2d5c1a5ff0258cc5956.tar.gz mandoc-edaaac97ad1b06b9ec35a2d5c1a5ff0258cc5956.tar.zst mandoc-edaaac97ad1b06b9ec35a2d5c1a5ff0258cc5956.zip |
Protect against accessing "n->next->child" by first checking "n->next".
Noticed in a crash against ".It Nm Fo" with no closing "Fc".
Original patch expanded by schwarze@ then extended even more.
-rw-r--r-- | mdoc_term.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/mdoc_term.c b/mdoc_term.c index 12ce2b0f..d647616c 100644 --- a/mdoc_term.c +++ b/mdoc_term.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_term.c,v 1.276 2014/08/10 23:54:41 schwarze Exp $ */ +/* $Id: mdoc_term.c,v 1.277 2014/08/17 08:37:11 kristaps Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010, 2012, 2013, 2014 Ingo Schwarze <schwarze@openbsd.org> @@ -806,9 +806,10 @@ termp_it_pre(DECL_ARGS) * the "overstep" effect in term_flushln() and treat * this as a `-ohang' list instead. */ - if (n->next->child && - (MDOC_Bl == n->next->child->tok || - MDOC_Bd == n->next->child->tok)) + if (NULL != n->next && + NULL != n->next->child && + (MDOC_Bl == n->next->child->tok || + MDOC_Bd == n->next->child->tok)) break; p->flags |= TERMP_NOBREAK | TERMP_BRIND | TERMP_HANG; @@ -862,9 +863,11 @@ termp_it_pre(DECL_ARGS) * don't want to recalculate rmargin and offsets when * using `Bd' or `Bl' within `-hang' overstep lists. */ - if (MDOC_HEAD == n->type && n->next->child && - (MDOC_Bl == n->next->child->tok || - MDOC_Bd == n->next->child->tok)) + if (MDOC_HEAD == n->type && + NULL != n->next && + NULL != n->next->child && + (MDOC_Bl == n->next->child->tok || + MDOC_Bd == n->next->child->tok)) break; /* FALLTHROUGH */ case LIST_bullet: @@ -1027,7 +1030,8 @@ termp_nm_pre(DECL_ARGS) if (MDOC_HEAD == n->type) synopsis_pre(p, n->parent); - if (MDOC_HEAD == n->type && n->next->child) { + if (MDOC_HEAD == n->type && + NULL != n->next && NULL != n->next->child) { p->flags |= TERMP_NOSPACE | TERMP_NOBREAK | TERMP_BRIND; p->trailspace = 1; p->rmargin = p->offset + term_len(p, 1); @@ -1055,7 +1059,8 @@ termp_nm_post(DECL_ARGS) if (MDOC_BLOCK == n->type) { p->flags &= ~(TERMP_KEEP | TERMP_PREKEEP); - } else if (MDOC_HEAD == n->type && n->next->child) { + } else if (MDOC_HEAD == n->type && + NULL != n->next && NULL != n->next->child) { term_flushln(p); p->flags &= ~(TERMP_NOBREAK | TERMP_BRIND | TERMP_HANG); p->trailspace = 0; |