diff options
author | Kristaps Dzonsons <kristaps@bsd.lv> | 2014-08-17 08:37:11 +0000 |
---|---|---|
committer | Kristaps Dzonsons <kristaps@bsd.lv> | 2014-08-17 08:37:11 +0000 |
commit | 682d74323d2362b8bc269b5f773b2b6e7d1208c5 (patch) | |
tree | cd3530d7ba0312263939d1cdb05965cb6f010ec2 /mdoc_term.c | |
parent | e88e13e117e3b7d9de27952e40bb54cc9f589074 (diff) | |
download | mandoc-682d74323d2362b8bc269b5f773b2b6e7d1208c5.tar.gz |
Protect against accessing "n->next->child" by first checking "n->next".
Noticed in a crash against ".It Nm Fo" with no closing "Fc".
Original patch expanded by schwarze@ then extended even more.
Diffstat (limited to 'mdoc_term.c')
-rw-r--r-- | mdoc_term.c | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/mdoc_term.c b/mdoc_term.c index aa37c581..8346e0b6 100644 --- a/mdoc_term.c +++ b/mdoc_term.c @@ -806,9 +806,10 @@ termp_it_pre(DECL_ARGS) * the "overstep" effect in term_flushln() and treat * this as a `-ohang' list instead. */ - if (n->next->child && - (MDOC_Bl == n->next->child->tok || - MDOC_Bd == n->next->child->tok)) + if (NULL != n->next && + NULL != n->next->child && + (MDOC_Bl == n->next->child->tok || + MDOC_Bd == n->next->child->tok)) break; p->flags |= TERMP_NOBREAK | TERMP_BRIND | TERMP_HANG; @@ -862,9 +863,11 @@ termp_it_pre(DECL_ARGS) * don't want to recalculate rmargin and offsets when * using `Bd' or `Bl' within `-hang' overstep lists. */ - if (MDOC_HEAD == n->type && n->next->child && - (MDOC_Bl == n->next->child->tok || - MDOC_Bd == n->next->child->tok)) + if (MDOC_HEAD == n->type && + NULL != n->next && + NULL != n->next->child && + (MDOC_Bl == n->next->child->tok || + MDOC_Bd == n->next->child->tok)) break; /* FALLTHROUGH */ case LIST_bullet: @@ -1027,7 +1030,8 @@ termp_nm_pre(DECL_ARGS) if (MDOC_HEAD == n->type) synopsis_pre(p, n->parent); - if (MDOC_HEAD == n->type && n->next->child) { + if (MDOC_HEAD == n->type && + NULL != n->next && NULL != n->next->child) { p->flags |= TERMP_NOSPACE | TERMP_NOBREAK | TERMP_BRIND; p->trailspace = 1; p->rmargin = p->offset + term_len(p, 1); @@ -1055,7 +1059,8 @@ termp_nm_post(DECL_ARGS) if (MDOC_BLOCK == n->type) { p->flags &= ~(TERMP_KEEP | TERMP_PREKEEP); - } else if (MDOC_HEAD == n->type && n->next->child) { + } else if (MDOC_HEAD == n->type && + NULL != n->next && NULL != n->next->child) { term_flushln(p); p->flags &= ~(TERMP_NOBREAK | TERMP_BRIND | TERMP_HANG); p->trailspace = 0; |