From a0500c3d4259db15e5b11c0d7cded19840efa3e5 Mon Sep 17 00:00:00 2001
From: Ingo Schwarze
Date: Sun, 12 Feb 2017 14:19:01 +0000
Subject: Do not access a NULL pointer if a matrix or square root are empty. Crashes found by tb@ with afl(1).
---
 eqn_term.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'eqn_term.c')
diff --git a/eqn_term.c b/eqn_term.c
index 5f2818b4..43580152 100644
--- a/eqn_term.c
+++ b/eqn_term.c
@@ -1,7 +1,7 @@
-/* $Id: eqn_term.c,v 1.8 2015/01/01 15:36:08 schwarze Exp $ */
+/* $Id: eqn_term.c,v 1.9 2017/02/12 14:19:01 schwarze Exp $ */
 /*
 * Copyright (c) 2011 Kristaps Dzonsons
- * Copyright (c) 2014, 2015 Ingo Schwarze
+ * Copyright (c) 2014, 2015, 2017 Ingo Schwarze
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -68,8 +68,10 @@ eqn_box(struct termp *p, const struct eqn_box *bp)
 if (bp->pos == EQNPOS_SQRT) {
 term_word(p, "sqrt");
- p->flags |= TERMP_NOSPACE;
- eqn_box(p, bp->first);
+ if (bp->first != NULL) {
+ p->flags |= TERMP_NOSPACE;
+ eqn_box(p, bp->first);
+ }
 } else if (bp->type == EQN_SUBEXPR) {
 child = bp->first;
 eqn_box(p, child);
@@ -93,7 +95,8 @@ eqn_box(struct termp *p, const struct eqn_box *bp)
 }
 } else {
 child = bp->first;
- if (bp->type == EQN_MATRIX && child->type == EQN_LIST)
+ if (bp->type == EQN_MATRIX &&
+ child != NULL && child->type == EQN_LIST)
 child = child->first;
 while (child != NULL) {
 eqn_box(p,
--
cgit v1.2.3-56-ge451
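Review bot: The EQN_SUBEXPR branch shown as context directly below the new sqrt guard still runs `child = bp->first; eqn_box(p, child);` with no NULL check, although this commit shows that `bp->first` can be NULL for sqrt and matrix boxes on fuzzer-generated input. If the parser does not guarantee that every subexpression box has a first child (not visible in this diff), the same NULL dereference may remain reachable there. Either guard the call with `if (child != NULL)` or add a comment at that line naming the parser invariant that makes it safe. The body of eqn_box starts before and continues past both hunks, so the later uses of `child` in that branch could not be checked from here.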