mdocml: Make sure every layout line contains at least one cell; fixing a

source@mandoc.bsd.lv
 help / color / mirror / Atom feed

* mdocml: Make sure every layout line contains at least one cell; fixing a
@ 2015-01-30  0:30 schwarze
  0 siblings, 0 replies; only message in thread
From: schwarze @ 2015-01-30  0:30 UTC (permalink / raw)
  To: source

Log Message:
-----------
Make sure every layout line contains at least one cell;
fixing a NULL pointer access in term_tbl() that jsg@ found with afl.

Modified Files:
--------------
    mdocml:
        tbl_layout.c

Revision Data
-------------
Index: tbl_layout.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/tbl_layout.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -Ltbl_layout.c -Ltbl_layout.c -u -p -r1.34 -r1.35
--- tbl_layout.c
+++ tbl_layout.c
@@ -262,11 +262,14 @@ tbl_layout(struct tbl_node *tbl, int ln,
 			 */
 
 			if (tbl->first_row == NULL) {
+				tbl->first_row = tbl->last_row =
+				    mandoc_calloc(1, sizeof(*rp));
+			}
+			if (tbl->first_row->first == NULL) {
 				mandoc_msg(MANDOCERR_TBLLAYOUT_NONE,
 				    tbl->parse, ln, pos, NULL);
-				rp = mandoc_calloc(1, sizeof(*rp));
-				cell_alloc(tbl, rp, TBL_CELL_LEFT);
-				tbl->first_row = tbl->last_row = rp;
+				cell_alloc(tbl, tbl->first_row,
+				    TBL_CELL_LEFT);
 				return;
 			}
 
@@ -282,19 +285,36 @@ tbl_layout(struct tbl_node *tbl, int ln,
 				    rp->last->head == tbl->last_head &&
 				    tbl->opts.rvert < rp->last->vert)
 					tbl->opts.rvert = rp->last->vert;
+
+				/* If the last line is empty, drop it. */
+
+				if (rp->next != NULL &&
+				    rp->next->first == NULL) {
+					free(rp->next);
+					rp->next = NULL;
+				}
 			}
 			return;
 		default:  /* Cell. */
 			break;
 		}
 
-		if (rp == NULL) {  /* First cell on this line. */
-			rp = mandoc_calloc(1, sizeof(*rp));
-			if (tbl->last_row)
-				tbl->last_row->next = rp;
-			else
-				tbl->first_row = rp;
-			tbl->last_row = rp;
+		/*
+		 * If the last line had at least one cell,
+		 * start a new one; otherwise, continue it.
+		 */
+
+		if (rp == NULL) {
+			if (tbl->last_row == NULL ||
+			    tbl->last_row->first != NULL) {
+				rp = mandoc_calloc(1, sizeof(*rp));
+				if (tbl->last_row)
+					tbl->last_row->next = rp;
+				else
+					tbl->first_row = rp;
+				tbl->last_row = rp;
+			} else
+				rp = tbl->last_row;
 		}
 		cell(tbl, rp, ln, p, &pos);
 	}
--
 To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-01-30  0:30 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-30  0:30 mdocml: Make sure every layout line contains at least one cell; fixing a schwarze

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).