diff options
| author | Ingo Schwarze <schwarze@openbsd.org> | 2020-01-11 16:26:08 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2020-01-11 16:26:08 +0000 |
| commit | 120e03a35547cf8ffa7ddf118212933b757005e9 (patch) | |
| tree | cffaaf4a2a756905a62edf649d32bd66d99527b4 | |
| parent | 3511586366aa848d5ee18d7336f046cbdb0d583b (diff) | |
| download | mandoc-120e03a35547cf8ffa7ddf118212933b757005e9.tar.gz | |
Fix a logic error:
When both the first and the third column are spans, do not use
the number of columns of the span starting in column two
for the span starting in column zero.
With afl, Jan Schreiber <jes at posteo dot de> found cases where
this caused NULL pointer accesses because too many layout cells
were consumed.
While here, make the code more similar at the three places
that iterate over data cells.
| -rw-r--r-- | tbl_term.c | 25 |
1 files changed, 12 insertions, 13 deletions
@@ -1,7 +1,7 @@ /* $Id$ */ /* * Copyright (c) 2009, 2011 Kristaps Dzonsons <kristaps@bsd.lv> - * Copyright (c) 2011-2019 Ingo Schwarze <schwarze@openbsd.org> + * Copyright (c) 2011-2020 Ingo Schwarze <schwarze@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -267,11 +267,11 @@ term_tbl(struct termp *tp, const struct tbl_span *sp) hspans--; continue; } - if (dp == NULL) - continue; - hspans = dp->hspans; - if (ic || sp->layout->first->pos != TBL_CELL_SPAN) + if (dp != NULL && + (ic || sp->layout->first->pos != TBL_CELL_SPAN)) { + hspans = dp->hspans; dp = dp->next; + } } /* Set up a column for a right vertical frame. */ @@ -302,11 +302,11 @@ term_tbl(struct termp *tp, const struct tbl_span *sp) tp->tcol++; tp->col = 0; tbl_data(tp, sp->opts, cp, dp, tp->tbl.cols + ic); - if (dp == NULL) - continue; - hspans = dp->hspans; - if (cp->pos != TBL_CELL_SPAN) + if (dp != NULL && + (ic || sp->layout->first->pos != TBL_CELL_SPAN)) { + hspans = dp->hspans; dp = dp->next; + } } break; } @@ -425,11 +425,10 @@ term_tbl(struct termp *tp, const struct tbl_span *sp) cp = cp->next; continue; } - if (dp != NULL) { + if (dp != NULL && (ic || + sp->layout->first->pos != TBL_CELL_SPAN)) { hspans = dp->hspans; - if (ic || sp->layout->first->pos - != TBL_CELL_SPAN) - dp = dp->next; + dp = dp->next; } /* |