Properly reinitialize roffce_node between parses,

or this may crash with use-after-free in makewhatis(8); reported by jmc@, thanks!
author: Ingo Schwarze <schwarze@openbsd.org> 2017-06-08 19:35:51 +0000
committer: Ingo Schwarze <schwarze@openbsd.org> 2017-06-08 19:35:51 +0000
commit: 905be966d351a2409f65ae30c5c9aa5e10b69398 (patch)
tree: 3eb94f346181b368b14cee912248590041f61c63 /roff.c
parent: 487d956e07013bc929ab478a0503246df414b00a (diff)
download: mandoc-905be966d351a2409f65ae30c5c9aa5e10b69398.tar.gz
mandoc-905be966d351a2409f65ae30c5c9aa5e10b69398.tar.zst
mandoc-905be966d351a2409f65ae30c5c9aa5e10b69398.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/roff.c b/roff.c
index 6880719b..49c49078 100644
--- a/roff.c
+++ b/roff.c
@@ -1,4 +1,4 @@
-/*	$Id: roff.c,v 1.306 2017/06/07 00:50:34 schwarze Exp $ */
+/*	$Id: roff.c,v 1.307 2017/06/08 19:35:51 schwarze Exp $ */
 /*
  * Copyright (c) 2008-2012, 2014 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010-2015, 2017 Ingo Schwarze <schwarze@openbsd.org>
@@ -767,6 +767,10 @@ roff_reset(struct roff *r)
 	r->format = r->options & (MPARSE_MDOC | MPARSE_MAN);
 	r->control = '\0';
 	r->escape = '\\';
+	roffce_lines = 0;
+	roffce_node = NULL;
+	roffit_lines = 0;
+	roffit_macro = NULL;
 }
 
 void
author	Ingo Schwarze <schwarze@openbsd.org>	2017-06-08 19:35:51 +0000
committer	Ingo Schwarze <schwarze@openbsd.org>	2017-06-08 19:35:51 +0000
commit	905be966d351a2409f65ae30c5c9aa5e10b69398 (patch)
tree	3eb94f346181b368b14cee912248590041f61c63 /roff.c
parent	487d956e07013bc929ab478a0503246df414b00a (diff)
download	mandoc-905be966d351a2409f65ae30c5c9aa5e10b69398.tar.gz mandoc-905be966d351a2409f65ae30c5c9aa5e10b69398.tar.zst mandoc-905be966d351a2409f65ae30c5c9aa5e10b69398.zip