diff options
author | Ingo Schwarze <schwarze@openbsd.org> | 2012-11-16 13:40:36 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2012-11-16 13:40:36 +0000 |
commit | ed556a16a0d0d619b59f20de7ff6e61eb00b0fde (patch) | |
tree | 1cedd65b21f47ef6f80aaed8bbc22e378457bed3 /mdoc.c | |
parent | 7ecfd5e3557e3ab058790b07c004742041bb86e0 (diff) | |
download | mandoc-ed556a16a0d0d619b59f20de7ff6e61eb00b0fde.tar.gz mandoc-ed556a16a0d0d619b59f20de7ff6e61eb00b0fde.tar.zst mandoc-ed556a16a0d0d619b59f20de7ff6e61eb00b0fde.zip |
Fix a crash triggered by .Bl -tag .It Xo .El .Sh found by florian@.
* When allocating a body end marker, copy the pointer to the normalized
block information from the body block, avoiding the risk of subsequent
null pointer derefence.
* When inserting the body end marker into the syntax tree, do not try to
copy that pointer from the parent block, because not being a direkt child
of the block it belongs to is the whole point of a body end marker.
* Even non-callable blocks (like Bd and Bl) can break other blocks;
when this happens, postpone closing them out in the usual way.
Completed and tested at the OpenBSD impromptu Coimbra hackathon (c2k12).
Thanks to Pedro Almeida and the Laborat'orio de Computa,c~ao Avan,cada
da Universidade de Coimbra (http://www.uc.pt/lca) for their hospitality!
Diffstat (limited to 'mdoc.c')
-rw-r--r-- | mdoc.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $Id: mdoc.c,v 1.201 2012/07/18 11:11:12 schwarze Exp $ */ +/* $Id: mdoc.c,v 1.202 2012/11/16 13:40:36 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010, 2012 Ingo Schwarze <schwarze@openbsd.org> @@ -375,6 +375,8 @@ node_append(struct mdoc *mdoc, struct mdoc_node *p) switch (p->type) { case (MDOC_BODY): + if (ENDBODY_NOT != p->end) + break; /* FALLTHROUGH */ case (MDOC_TAIL): /* FALLTHROUGH */ @@ -501,6 +503,7 @@ mdoc_endbody_alloc(struct mdoc *m, int line, int pos, enum mdoct tok, p = node_alloc(m, line, pos, tok, MDOC_BODY); p->pending = body; + p->norm = body->norm; p->end = end; if ( ! node_append(m, p)) return(0); |