From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from krisdoz.my.domain (kristaps@localhost [127.0.0.1]) by krisdoz.my.domain (8.14.5/8.14.5) with ESMTP id s7H8bCXo004036 for ; Sun, 17 Aug 2014 04:37:12 -0400 (EDT) Received: (from kristaps@localhost) by krisdoz.my.domain (8.14.5/8.14.3/Submit) id s7H8bBQQ005143; Sun, 17 Aug 2014 04:37:11 -0400 (EDT) Date: Sun, 17 Aug 2014 04:37:11 -0400 (EDT) Message-Id: <201408170837.s7H8bBQQ005143@krisdoz.my.domain> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: kristaps@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Protect against accessing "n->next->child" by first checking X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Protect against accessing "n->next->child" by first checking "n->next". Noticed in a crash against ".It Nm Fo" with no closing "Fc". Original patch expanded by schwarze@ then extended even more. Modified Files: -------------- mdocml: mdoc_term.c Revision Data ------------- Index: mdoc_term.c =================================================================== RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mdoc_term.c,v retrieving revision 1.276 retrieving revision 1.277 diff -Lmdoc_term.c -Lmdoc_term.c -u -p -r1.276 -r1.277 --- mdoc_term.c +++ mdoc_term.c @@ -806,9 +806,10 @@ termp_it_pre(DECL_ARGS) * the "overstep" effect in term_flushln() and treat * this as a `-ohang' list instead. */ - if (n->next->child && - (MDOC_Bl == n->next->child->tok || - MDOC_Bd == n->next->child->tok)) + if (NULL != n->next && + NULL != n->next->child && + (MDOC_Bl == n->next->child->tok || + MDOC_Bd == n->next->child->tok)) break; p->flags |= TERMP_NOBREAK | TERMP_BRIND | TERMP_HANG; @@ -862,9 +863,11 @@ termp_it_pre(DECL_ARGS) * don't want to recalculate rmargin and offsets when * using `Bd' or `Bl' within `-hang' overstep lists. */ - if (MDOC_HEAD == n->type && n->next->child && - (MDOC_Bl == n->next->child->tok || - MDOC_Bd == n->next->child->tok)) + if (MDOC_HEAD == n->type && + NULL != n->next && + NULL != n->next->child && + (MDOC_Bl == n->next->child->tok || + MDOC_Bd == n->next->child->tok)) break; /* FALLTHROUGH */ case LIST_bullet: @@ -1027,7 +1030,8 @@ termp_nm_pre(DECL_ARGS) if (MDOC_HEAD == n->type) synopsis_pre(p, n->parent); - if (MDOC_HEAD == n->type && n->next->child) { + if (MDOC_HEAD == n->type && + NULL != n->next && NULL != n->next->child) { p->flags |= TERMP_NOSPACE | TERMP_NOBREAK | TERMP_BRIND; p->trailspace = 1; p->rmargin = p->offset + term_len(p, 1); @@ -1055,7 +1059,8 @@ termp_nm_post(DECL_ARGS) if (MDOC_BLOCK == n->type) { p->flags &= ~(TERMP_KEEP | TERMP_PREKEEP); - } else if (MDOC_HEAD == n->type && n->next->child) { + } else if (MDOC_HEAD == n->type && + NULL != n->next && NULL != n->next->child) { term_flushln(p); p->flags &= ~(TERMP_NOBREAK | TERMP_BRIND | TERMP_HANG); p->trailspace = 0; -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv