From: schwarze@mdocml.bsd.lv
To: source@mdocml.bsd.lv
Subject: mdocml: Be more careful to not generate empty .In, .St, and .Xr nodes.
Date: Tue, 10 Feb 2015 12:48:15 -0500 (EST) [thread overview]
Message-ID: <5076053660302561882.enqueue@fantadrom.bsd.lv> (raw)
Log Message:
-----------
Be more careful to not generate empty .In, .St, and .Xr nodes.
That could happen when their first argument was another called macro,
causing a NULL pointer access in .St validation found by jsg@ with afl.
Make in_line_argn() easier to understand by using one state
variable rather than two.
Modified Files:
--------------
mdocml:
mdoc_macro.c
Revision Data
-------------
Index: mdoc_macro.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/mdoc_macro.c,v
retrieving revision 1.180
retrieving revision 1.181
diff -Lmdoc_macro.c -Lmdoc_macro.c -u -p -r1.180 -r1.181
--- mdoc_macro.c
+++ mdoc_macro.c
@@ -1285,11 +1285,12 @@ blk_part_exp(MACRO_PROT_ARGS)
static void
in_line_argn(MACRO_PROT_ARGS)
{
- int la, flushed, j, maxargs, nl;
- enum margserr ac;
struct mdoc_arg *arg;
char *p;
+ enum margserr ac;
enum mdoct ntok;
+ int state; /* arg#; -1: not yet open; -2: closed */
+ int la, maxargs, nl;
nl = mdoc->flags & MDOC_NEWLINE;
@@ -1323,67 +1324,76 @@ in_line_argn(MACRO_PROT_ARGS)
mdoc_argv(mdoc, line, tok, &arg, pos, buf);
+ state = -1;
p = NULL;
- flushed = j = 0;
for (;;) {
la = *pos;
ac = mdoc_args(mdoc, line, pos, buf, tok, &p);
+
+ if (ac == ARGS_WORD && state == -1 &&
+ ! (mdoc_macros[tok].flags & MDOC_IGNDELIM) &&
+ mdoc_isdelim(p) == DELIM_OPEN) {
+ dword(mdoc, line, la, p, DELIM_OPEN, 0);
+ continue;
+ }
+
+ if (state == -1 && tok != MDOC_In &&
+ tok != MDOC_St && tok != MDOC_Xr) {
+ mdoc_elem_alloc(mdoc, line, ppos, tok, arg);
+ state = 0;
+ }
+
if (ac == ARGS_PUNCT || ac == ARGS_EOLN) {
- if (j < 2 && tok == MDOC_Pf)
+ if (abs(state) < 2 && tok == MDOC_Pf)
mandoc_vmsg(MANDOCERR_PF_SKIP,
mdoc->parse, line, ppos, "Pf %s",
p == NULL ? "at eol" : p);
break;
}
- if ( ! (mdoc_macros[tok].flags & MDOC_IGNDELIM) &&
- ac != ARGS_QWORD && j == 0 &&
- mdoc_isdelim(p) == DELIM_OPEN) {
- dword(mdoc, line, la, p, DELIM_OPEN, 0);
- continue;
- } else if (j == 0)
- mdoc_elem_alloc(mdoc, line, ppos, tok, arg);
-
- if (j == maxargs && ! flushed) {
+ if (state == maxargs) {
rew_elem(mdoc, tok);
- flushed = 1;
+ state = -2;
}
- ntok = (ac == ARGS_QWORD || (tok == MDOC_Pf && j == 0)) ?
+ ntok = (ac == ARGS_QWORD || (tok == MDOC_Pf && state == 0)) ?
MDOC_MAX : lookup(mdoc, tok, line, la, p);
if (ntok != MDOC_MAX) {
- if ( ! flushed)
+ if (state >= 0) {
rew_elem(mdoc, tok);
- flushed = 1;
+ state = -2;
+ }
mdoc_macro(mdoc, ntok, line, la, pos, buf);
- j++;
break;
}
- if ( ! (mdoc_macros[tok].flags & MDOC_IGNDELIM) &&
- ac != ARGS_QWORD && ! flushed &&
- mdoc_isdelim(p) != DELIM_NONE) {
+ if (ac == ARGS_QWORD ||
+ mdoc_macros[tok].flags & MDOC_IGNDELIM ||
+ mdoc_isdelim(p) == DELIM_NONE) {
+ if (state == -1) {
+ mdoc_elem_alloc(mdoc, line, ppos, tok, arg);
+ state = 1;
+ } else if (state >= 0)
+ state++;
+ } else if (state >= 0) {
rew_elem(mdoc, tok);
- flushed = 1;
+ state = -2;
}
dword(mdoc, line, la, p, DELIM_MAX,
MDOC_JOIN & mdoc_macros[tok].flags);
- j++;
}
- if (j == 0) {
- if (tok == MDOC_In || tok == MDOC_St || tok == MDOC_Xr) {
- mandoc_msg(MANDOCERR_MACRO_EMPTY, mdoc->parse,
- line, ppos, mdoc_macronames[tok]);
- return;
- }
- mdoc_elem_alloc(mdoc, line, ppos, tok, arg);
- if (ac == ARGS_PUNCT && tok == MDOC_Pf)
- append_delims(mdoc, line, pos, buf);
+ if (state == -1) {
+ mandoc_msg(MANDOCERR_MACRO_EMPTY, mdoc->parse,
+ line, ppos, mdoc_macronames[tok]);
+ return;
}
- if ( ! flushed)
+
+ if (state == 0 && tok == MDOC_Pf)
+ append_delims(mdoc, line, pos, buf);
+ if (state >= 0)
rew_elem(mdoc, tok);
if (nl)
append_delims(mdoc, line, pos, buf);
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
reply other threads:[~2015-02-10 17:48 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5076053660302561882.enqueue@fantadrom.bsd.lv \
--to=schwarze@mdocml.bsd.lv \
--cc=source@mdocml.bsd.lv \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).