* mdocml: Closing a block validates it, which may end up deleting it, so
@ 2015-02-07 16:43 schwarze
0 siblings, 0 replies; only message in thread
From: schwarze @ 2015-02-07 16:43 UTC (permalink / raw)
To: source
Log Message:
-----------
Closing a block validates it, which may end up deleting it,
so if we are in a loop over blocks, cleanly restart the loop
rather than risking use after free; found by jsg@ with afl.
Modified Files:
--------------
mdocml:
mdoc_macro.c
Revision Data
-------------
Index: mdoc_macro.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mdoc_macro.c,v
retrieving revision 1.179
retrieving revision 1.180
diff -Lmdoc_macro.c -Lmdoc_macro.c -u -p -r1.179 -r1.180
--- mdoc_macro.c
+++ mdoc_macro.c
@@ -941,6 +941,7 @@ blk_full(MACRO_PROT_ARGS)
mdoc_macronames[tok],
mdoc_macronames[n->tok]);
rew_pending(mdoc, n);
+ n = mdoc->last;
continue;
case MDOC_It:
/* Delay in case it's astray. */
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-02-07 16:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-07 16:43 mdocml: Closing a block validates it, which may end up deleting it, so schwarze
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).