mdocml: do not access a NULL pointer if an .Eo block lacks a tail; found

source@mandoc.bsd.lv
 help / color / mirror / Atom feed

* mdocml: do not access a NULL pointer if an .Eo block lacks a tail; found
@ 2015-02-11 14:15 schwarze
  0 siblings, 0 replies; only message in thread
From: schwarze @ 2015-02-11 14:15 UTC (permalink / raw)
  To: source

Log Message:
-----------
do not access a NULL pointer if an .Eo block lacks a tail;
found by jsg@ with afl, test case #16

Modified Files:
--------------
    mdocml:
        mdoc_html.c
        mdoc_man.c
        mdoc_term.c

Revision Data
-------------
Index: mdoc_html.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mdoc_html.c,v
retrieving revision 1.223
retrieving revision 1.224
diff -Lmdoc_html.c -Lmdoc_html.c -u -p -r1.223 -r1.224
--- mdoc_html.c
+++ mdoc_html.c
@@ -2220,9 +2220,8 @@ mdoc_eo_pre(MDOC_ARGS)
 	    n->child->end != ENDBODY_NOT)
 		print_text(h, "\\&");
 	else if (n->end != ENDBODY_NOT ? n->child != NULL :
-	    n->parent->head->child != NULL &&
-	    (n->parent->body->child != NULL ||
-	     n->parent->tail->child != NULL))
+	    n->parent->head->child != NULL && (n->child != NULL ||
+	    (n->parent->tail != NULL && n->parent->tail->child != NULL)))
 		h->flags |= HTML_NOSPACE;
 	return(1);
 }
Index: mdoc_term.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mdoc_term.c,v
retrieving revision 1.308
retrieving revision 1.309
diff -Lmdoc_term.c -Lmdoc_term.c -u -p -r1.308 -r1.309
--- mdoc_term.c
+++ mdoc_term.c
@@ -1989,9 +1989,8 @@ termp_eo_pre(DECL_ARGS)
 	    n->child->end != ENDBODY_NOT)
 		term_word(p, "\\&");
 	else if (n->end != ENDBODY_NOT ? n->child != NULL :
-	     n->parent->head->child != NULL &&
-	     (n->parent->body->child != NULL ||
-	      n->parent->tail->child != NULL))
+	     n->parent->head->child != NULL && (n->child != NULL ||
+	     (n->parent->tail != NULL && n->parent->tail->child != NULL)))
 		p->flags |= TERMP_NOSPACE;
 
 	return(1);
Index: mdoc_man.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mdoc_man.c,v
retrieving revision 1.85
retrieving revision 1.86
diff -Lmdoc_man.c -Lmdoc_man.c -u -p -r1.85 -r1.86
--- mdoc_man.c
+++ mdoc_man.c
@@ -1140,9 +1140,8 @@ pre_eo(DECL_ARGS)
 	    n->child->end != ENDBODY_NOT)
 		print_word("\\&");
 	else if (n->end != ENDBODY_NOT ? n->child != NULL :
-	    n->parent->head->child != NULL &&
-	    (n->parent->body->child != NULL ||
-	     n->parent->tail->child != NULL))
+	    n->parent->head->child != NULL && (n->child != NULL ||
+	    (n->parent->tail != NULL && n->parent->tail->child != NULL)))
 		outflags &= ~(MMAN_spc | MMAN_nl);
 	return(1);
 }
--
 To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-02-11 14:15 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-11 14:15 mdocml: do not access a NULL pointer if an .Eo block lacks a tail; found schwarze

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).