summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngo Schwarze <schwarze@openbsd.org>2014-11-28 16:02:52 +0000
committerIngo Schwarze <schwarze@openbsd.org>2014-11-28 16:02:52 +0000
commit0d85bf1b1bfc29a9c4d093a17b107eb043630da7 (patch)
treea788195670e48961697003b0371ec51b37aa8b1e
parentb7ed451bab9b712963df52a4f4ea0783fa4941d7 (diff)
downloadmandoc-0d85bf1b1bfc29a9c4d093a17b107eb043630da7.tar.gz
Be more careful about meta->name. For weird input, it can be NULL.
Fixing a NULL access jsg@ found with afl.
-rw-r--r--mdoc_term.c16
1 files changed, 10 insertions, 6 deletions
diff --git a/mdoc_term.c b/mdoc_term.c
index 60dd9f8e..4c11a3c3 100644
--- a/mdoc_term.c
+++ b/mdoc_term.c
@@ -995,6 +995,7 @@ termp_it_post(DECL_ARGS)
static int
termp_nm_pre(DECL_ARGS)
{
+ const char *cp;
if (MDOC_BLOCK == n->type) {
p->flags |= TERMP_PREKEEP;
@@ -1005,12 +1006,15 @@ termp_nm_pre(DECL_ARGS)
if (NULL == n->child)
return(0);
p->flags |= TERMP_NOSPACE;
- p->offset += term_len(p, 1) +
- (NULL == n->prev->child ?
- term_strlen(p, meta->name) :
- MDOC_TEXT == n->prev->child->type ?
- term_strlen(p, n->prev->child->string) :
- term_len(p, 5));
+ cp = NULL;
+ if (n->prev->child != NULL)
+ cp = n->prev->child->string;
+ if (cp == NULL)
+ cp = meta->name;
+ if (cp == NULL)
+ p->offset += term_len(p, 6);
+ else
+ p->offset += term_len(p, 1) + term_strlen(p, cp);
return(1);
}