From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]) by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id 6be1572e for ; Wed, 1 Aug 2018 11:01:29 -0500 (EST) Date: Wed, 1 Aug 2018 11:01:29 -0500 (EST) X-Mailinglist: mandoc-source Reply-To: source@mandoc.bsd.lv MIME-Version: 1.0 From: schwarze@mandoc.bsd.lv To: source@mandoc.bsd.lv Subject: mandoc: Fix an off-by-one string read access that could happen if an X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Message-Id: Log Message: ----------- Fix an off-by-one string read access that could happen if an empty string argument preceded a string argument beginning with "--". Found by Leah Neukirchen with -Wpointer-compare. Modified Files: -------------- mandoc: mdoc_validate.c Revision Data ------------- Index: mdoc_validate.c =================================================================== RCS file: /home/cvs/mandoc/mandoc/mdoc_validate.c,v retrieving revision 1.359 retrieving revision 1.360 diff -Lmdoc_validate.c -Lmdoc_validate.c -u -p -r1.359 -r1.360 --- mdoc_validate.c +++ mdoc_validate.c @@ -437,14 +437,13 @@ check_text_em(struct roff_man *mdoc, int isalpha((unsigned char)cp[-3]) : np != NULL && np->type == ROFFT_TEXT && - np->string != '\0' && + *np->string != '\0' && isalpha((unsigned char)np->string[ strlen(np->string) - 1])) || (cp[1] != '\0' && cp[2] != '\0' ? isalpha((unsigned char)cp[2]) : nn != NULL && nn->type == ROFFT_TEXT && - nn->string != '\0' && isalpha((unsigned char)*nn->string))) { mandoc_msg(MANDOCERR_DASHDASH, mdoc->parse, ln, pos + (int)(cp - p) - 1, NULL); -- To unsubscribe send an email to source+unsubscribe@mandoc.bsd.lv
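Review bot: in the np branch, the old np->string != '\0' compared the pointer itself against zero, so it served as an accidental NULL check; the new *np->string != '\0' dereferences unconditionally, and the nn branch now has no guard at all, so both rely on a ROFFT_TEXT node never having a NULL string. If that invariant holds, a one-line comment stating it would help; if it is not guaranteed, keep an explicit np->string != NULL test ahead of the dereference. The asymmetry between the two branches also deserves a comment. The np side needs the emptiness test because strlen(np->string) - 1 wraps on an empty string and the index then reads one byte before the buffer. The nn side can drop it only because isalpha((unsigned char)*nn->string) reads the terminating NUL and returns false. Without that explanation a later reader may "restore" the removed line. Only mdoc_validate.c is listed as modified, so consider adding a regression input with an empty string argument followed by one beginning with "--".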