From: schwarze@mdocml.bsd.lv
To: source@mdocml.bsd.lv
Subject: mdocml: do not access a NULL pointer if an .Eo block lacks a tail; found
Date: Wed, 11 Feb 2015 09:15:42 -0500 (EST) [thread overview]
Message-ID: <13822204771807575874.enqueue@fantadrom.bsd.lv> (raw)
Log Message:
-----------
do not access a NULL pointer if an .Eo block lacks a tail;
found by jsg@ with afl, test case #16
Modified Files:
--------------
mdocml:
mdoc_html.c
mdoc_man.c
mdoc_term.c
Revision Data
-------------
Index: mdoc_html.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mdoc_html.c,v
retrieving revision 1.223
retrieving revision 1.224
diff -Lmdoc_html.c -Lmdoc_html.c -u -p -r1.223 -r1.224
--- mdoc_html.c
+++ mdoc_html.c
@@ -2220,9 +2220,8 @@ mdoc_eo_pre(MDOC_ARGS)
n->child->end != ENDBODY_NOT)
print_text(h, "\\&");
else if (n->end != ENDBODY_NOT ? n->child != NULL :
- n->parent->head->child != NULL &&
- (n->parent->body->child != NULL ||
- n->parent->tail->child != NULL))
+ n->parent->head->child != NULL && (n->child != NULL ||
+ (n->parent->tail != NULL && n->parent->tail->child != NULL)))
h->flags |= HTML_NOSPACE;
return(1);
}
Index: mdoc_term.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mdoc_term.c,v
retrieving revision 1.308
retrieving revision 1.309
diff -Lmdoc_term.c -Lmdoc_term.c -u -p -r1.308 -r1.309
--- mdoc_term.c
+++ mdoc_term.c
@@ -1989,9 +1989,8 @@ termp_eo_pre(DECL_ARGS)
n->child->end != ENDBODY_NOT)
term_word(p, "\\&");
else if (n->end != ENDBODY_NOT ? n->child != NULL :
- n->parent->head->child != NULL &&
- (n->parent->body->child != NULL ||
- n->parent->tail->child != NULL))
+ n->parent->head->child != NULL && (n->child != NULL ||
+ (n->parent->tail != NULL && n->parent->tail->child != NULL)))
p->flags |= TERMP_NOSPACE;
return(1);
Index: mdoc_man.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mdoc_man.c,v
retrieving revision 1.85
retrieving revision 1.86
diff -Lmdoc_man.c -Lmdoc_man.c -u -p -r1.85 -r1.86
--- mdoc_man.c
+++ mdoc_man.c
@@ -1140,9 +1140,8 @@ pre_eo(DECL_ARGS)
n->child->end != ENDBODY_NOT)
print_word("\\&");
else if (n->end != ENDBODY_NOT ? n->child != NULL :
- n->parent->head->child != NULL &&
- (n->parent->body->child != NULL ||
- n->parent->tail->child != NULL))
+ n->parent->head->child != NULL && (n->child != NULL ||
+ (n->parent->tail != NULL && n->parent->tail->child != NULL)))
outflags &= ~(MMAN_spc | MMAN_nl);
return(1);
}
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
reply other threads:[~2015-02-11 14:15 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=13822204771807575874.enqueue@fantadrom.bsd.lv \
--to=schwarze@mdocml.bsd.lv \
--cc=source@mdocml.bsd.lv \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).