diff options
| author | Ingo Schwarze <schwarze@openbsd.org> | 2015-01-30 17:32:16 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2015-01-30 17:32:16 +0000 |
| commit | fa0509ac63ac6d0a43a709893722ed6ca5f80611 (patch) | |
| tree | ff27fe4b98063dd10dbfc48b8d77712105d72c7c | |
| parent | 37b1fa2022515dadb78d40e740849dfc6bd68996 (diff) | |
| download | mandoc-fa0509ac63ac6d0a43a709893722ed6ca5f80611.tar.gz | |
Delete the redundant tbl span flags, just inspect the actual data
where needed, which is less fragile.
This fixes a subtle NULL pointer access to tp->tbl.cols:
Due to a bug in the man(7) parser, the first span of a table can
end up in a .TP head, in which case tblcalc() was never called.
Found by jsg@ with afl.
| -rw-r--r-- | man_term.c | 2 | ||||
| -rw-r--r-- | mandoc.h | 3 | ||||
| -rw-r--r-- | tbl.c | 4 | ||||
| -rw-r--r-- | tbl_data.c | 1 | ||||
| -rw-r--r-- | tbl_html.c | 4 | ||||
| -rw-r--r-- | tbl_term.c | 4 |
6 files changed, 5 insertions, 13 deletions
@@ -949,7 +949,7 @@ print_man_node(DECL_ARGS) * Tables are preceded by a newline. Then process a * table line, which will cause line termination, */ - if (TBL_SPAN_FIRST & n->span->flags) + if (n->span->prev == NULL) term_newln(p); term_tbl(p, n->span); return; @@ -285,9 +285,6 @@ struct tbl_span { struct tbl_span *prev; struct tbl_span *next; int line; /* parse line */ - int flags; -#define TBL_SPAN_FIRST (1 << 0) -#define TBL_SPAN_LAST (1 << 1) enum tbl_spant pos; }; @@ -179,9 +179,5 @@ tbl_end(struct tbl_node **tblp) tbl->line, tbl->pos, NULL); return(0); } - - if (tbl->last_span != NULL) - tbl->last_span->flags |= TBL_SPAN_LAST; - return(1); } @@ -173,7 +173,6 @@ newspan(struct tbl_node *tbl, int line, struct tbl_row *rp) if (dp->prev == NULL) { tbl->first_span = dp; tbl->current_span = NULL; - dp->flags |= TBL_SPAN_FIRST; } else dp->prev->next = dp; tbl->last_span = dp; @@ -54,7 +54,7 @@ html_tblopen(struct html *h, const struct tbl_span *sp) struct roffcol *col; int ic; - if (sp->flags & TBL_SPAN_FIRST) { + if (h->tbl.cols == NULL) { h->tbl.len = html_tbl_len; h->tbl.slen = html_tbl_strlen; tblcalc(&h->tbl, sp, 0); @@ -132,7 +132,7 @@ print_tbl(struct html *h, const struct tbl_span *sp) h->flags &= ~HTML_NONOSPACE; - if (sp->flags & TBL_SPAN_LAST) { + if (sp->next == NULL) { assert(h->tbl.cols); free(h->tbl.cols); h->tbl.cols = NULL; @@ -81,7 +81,7 @@ term_tbl(struct termp *tp, const struct tbl_span *sp) * calculate the table widths and decimal positions. */ - if (sp->flags & TBL_SPAN_FIRST) { + if (tp->tbl.cols == NULL) { term_flushln(tp); tp->tbl.len = term_tbl_len; @@ -189,7 +189,7 @@ term_tbl(struct termp *tp, const struct tbl_span *sp) * existing table configuration and set it to NULL. */ - if (sp->flags & TBL_SPAN_LAST) { + if (sp->next == NULL) { if (sp->opts->opts & (TBL_OPT_DBOX | TBL_OPT_BOX)) { tbl_hrule(tp, sp, 1); tp->skipvsp = 1; |