From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]); by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id 4c03ce43; for ; Fri, 28 Nov 2014 11:02:52 -0500 (EST) Date: Fri, 28 Nov 2014 11:02:52 -0500 (EST) Message-Id: <3156987663673481671.enqueue@fantadrom.bsd.lv> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: schwarze@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Be more careful about meta->name. X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Be more careful about meta->name. For weird input, it can be NULL. Fixing a NULL access jsg@ found with afl. Modified Files: -------------- mdocml: mdoc_term.c Revision Data ------------- Index: mdoc_term.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/mdoc_term.c,v retrieving revision 1.295 retrieving revision 1.296 diff -Lmdoc_term.c -Lmdoc_term.c -u -p -r1.295 -r1.296 --- mdoc_term.c +++ mdoc_term.c @@ -995,6 +995,7 @@ termp_it_post(DECL_ARGS) static int termp_nm_pre(DECL_ARGS) { + const char *cp; if (MDOC_BLOCK == n->type) { p->flags |= TERMP_PREKEEP; @@ -1005,12 +1006,15 @@ termp_nm_pre(DECL_ARGS) if (NULL == n->child) return(0); p->flags |= TERMP_NOSPACE; - p->offset += term_len(p, 1) + - (NULL == n->prev->child ? - term_strlen(p, meta->name) : - MDOC_TEXT == n->prev->child->type ? - term_strlen(p, n->prev->child->string) : - term_len(p, 5)); + cp = NULL; + if (n->prev->child != NULL) + cp = n->prev->child->string; + if (cp == NULL) + cp = meta->name; + if (cp == NULL) + p->offset += term_len(p, 6); + else + p->offset += term_len(p, 1) + term_strlen(p, cp); return(1); } -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
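Review bot: In the second hunk of termp_nm_pre(), `cp = n->prev->child->string;` replaces the old `MDOC_TEXT == n->prev->child->type` test, so the code now relies on `string` being NULL for every non-text child, and in that case it falls back to `meta->name` where the old code used the fixed `term_len(p, 5)`. If that change of fallback is intended, the log message should say so, since it only mentions the NULL `meta->name` case; otherwise keep the type test before reading `string`. The visible lines also still dereference `n->prev` without a check, and the new `term_len(p, 6)` is a bare constant (the old 1 + 5 folded together), so a short comment stating why `n->prev` cannot be NULL at this point and what the 6 stands for would help the next reader.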