diff options
author | Ingo Schwarze <schwarze@openbsd.org> | 2015-02-02 04:04:45 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2015-02-02 04:04:45 +0000 |
commit | 2a8721309f4f7dbbb5908c122a134490432f4431 (patch) | |
tree | 45a632d2db4aed675c18db41787e84fe5ad266f1 | |
parent | 9561b9378c37d424f287ca3746c714d696279248 (diff) | |
download | mandoc-2a8721309f4f7dbbb5908c122a134490432f4431.tar.gz |
When a full block macro gets closed out by a mismatching
block closure macro it calls, do not attempt to open its body.
This can for example happen for (nonsensical) constructions like
.Fo
.Nm Fc
in the SYNOPSIS. Fixing an assertion failure jsg@ found with afl
some time ago (test case number 731).
-rw-r--r-- | mdoc_macro.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/mdoc_macro.c b/mdoc_macro.c index 8624ea98..8b3ea05b 100644 --- a/mdoc_macro.c +++ b/mdoc_macro.c @@ -1077,8 +1077,9 @@ blk_full(MACRO_PROT_ARGS) { int la, nl, parsed; struct mdoc_arg *arg; - struct mdoc_node *head; /* save of head macro */ - struct mdoc_node *body; /* save of body macro */ + struct mdoc_node *blk; /* Our own block. */ + struct mdoc_node *head; /* Our own head. */ + struct mdoc_node *body; /* Our own body. */ struct mdoc_node *n; enum margserr ac, lac; char *p; @@ -1118,7 +1119,7 @@ blk_full(MACRO_PROT_ARGS) */ mdoc_argv(mdoc, line, tok, &arg, pos, buf); - mdoc_block_alloc(mdoc, line, ppos, tok, arg); + blk = mdoc_block_alloc(mdoc, line, ppos, tok, arg); head = body = NULL; /* @@ -1218,6 +1219,8 @@ blk_full(MACRO_PROT_ARGS) break; } + if (blk->flags & MDOC_VALID) + return; if (head == NULL) head = mdoc_head_alloc(mdoc, line, ppos, tok); if (nl) |