mdocml: When the head of a list item is extended with a partial explicit

source@mandoc.bsd.lv
 help / color / mirror / Atom feed

* mdocml: When the head of a list item is extended with a partial explicit
@ 2014-12-18 19:24 schwarze
  0 siblings, 0 replies; only message in thread
From: schwarze @ 2014-12-18 19:24 UTC (permalink / raw)
  To: source

Log Message:
-----------
When the head of a list item is extended with a partial explicit
macro (for example .Xo) and never closed again, the item ends up
without a body block.  This can even happen for list types that
usually don't have heads in the first place.  So even in this 
case, check for the existence of the body before accessing it.
NULL pointer access found by jsg@ with afl.

Modified Files:
--------------
    mdocml:
        mdoc_validate.c

Revision Data
-------------
Index: mdoc_validate.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mdoc_validate.c,v
retrieving revision 1.263
retrieving revision 1.264
diff -Lmdoc_validate.c -Lmdoc_validate.c -u -p -r1.263 -r1.264
--- mdoc_validate.c
+++ mdoc_validate.c
@@ -1197,7 +1197,7 @@ post_it(POST_ARGS)
 	struct mdoc_node *nbl, *nit, *nch;
 
 	nit = mdoc->last;
-	if (MDOC_BLOCK != nit->type)
+	if (nit->type != MDOC_BLOCK)
 		return;
 
 	nbl = nit->parent->parent;
@@ -1213,7 +1213,7 @@ post_it(POST_ARGS)
 	case LIST_inset:
 		/* FALLTHROUGH */
 	case LIST_diag:
-		if (NULL == nit->head->child)
+		if (nit->head->child == NULL)
 			mandoc_vmsg(MANDOCERR_IT_NOHEAD,
 			    mdoc->parse, nit->line, nit->pos,
 			    "Bl -%s It",
@@ -1226,14 +1226,14 @@ post_it(POST_ARGS)
 	case LIST_enum:
 		/* FALLTHROUGH */
 	case LIST_hyphen:
-		if (NULL == nit->body->child)
+		if (nit->body == NULL || nit->body->child == NULL)
 			mandoc_vmsg(MANDOCERR_IT_NOBODY,
 			    mdoc->parse, nit->line, nit->pos,
 			    "Bl -%s It",
 			    mdoc_argnames[nbl->args->argv[0].arg]);
 		/* FALLTHROUGH */
 	case LIST_item:
-		if (NULL != nit->head->child)
+		if (nit->head->child != NULL)
 			mandoc_vmsg(MANDOCERR_ARG_SKIP,
 			    mdoc->parse, nit->line, nit->pos,
 			    "It %s", nit->head->child->string);
@@ -1241,10 +1241,10 @@ post_it(POST_ARGS)
 	case LIST_column:
 		cols = (int)nbl->norm->Bl.ncols;
 
-		assert(NULL == nit->head->child);
+		assert(nit->head->child == NULL);
 
 		for (i = 0, nch = nit->child; nch; nch = nch->next)
-			if (MDOC_BODY == nch->type)
+			if (nch->type == MDOC_BODY)
 				i++;
 
 		if (i < cols || i > cols + 1)
--
 To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2014-12-18 19:24 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-12-18 19:24 mdocml: When the head of a list item is extended with a partial explicit schwarze

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).