List:       mandoc-source
Subject:    mdocml: Fix a crash triggered by .Bl -tag .It Xo .El .Sh found by
From:       schwarze () mdocml ! bsd ! lv
Date:       2012-11-16 13:40:36
Message-ID: 201211161340.qAGDeanZ022823 () krisdoz ! my ! domain

Log Message:
-----------
Fix a crash triggered by .Bl -tag .It Xo .El .Sh found by florian@.

* When allocating a body end marker, copy the pointer to the normalized
block information from the body block, avoiding the risk of subsequent
null pointer dereference.
* When inserting the body end marker into the syntax tree, do not try to
copy that pointer from the parent block, because not being a direct child
of the block it belongs to is the whole point of a body end marker.
* Even non-callable blocks (like Bd and Bl) can break other blocks;
when this happens, postpone closing them out in the usual way.

Completed and tested at the OpenBSD impromptu Coimbra hackathon (c2k12).
Thanks to Pedro Almeida and the Laboratório de Computação Avançada
da Universidade de Coimbra (http://www.uc.pt/lca) for their hospitality!

Modified Files:
--------------
    mdocml:
        mdoc.c
        mdoc_macro.c

Revision Data
-------------
Index: mdoc_macro.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mdoc_macro.c,v
retrieving revision 1.117
retrieving revision 1.118
diff -Lmdoc_macro.c -Lmdoc_macro.c -u -p -r1.117 -r1.118
--- mdoc_macro.c
+++ mdoc_macro.c
@@ -738,7 +738,7 @@ blk_exp_close(MACRO_PROT_ARGS)
 		if (later &&
 		    MDOC_EXPLICIT & mdoc_macros[later->tok].flags)
 			continue;
-		if (MDOC_CALLABLE & mdoc_macros[n->tok].flags)
+		if (MDOC_It != n->tok)
 			later = n;
 	}
 
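Review bot: in blk_exp_close(), the replacement test MDOC_It != n->tok special-cases a single macro by token where the old line consulted the mdoc_macros[] flags table, and nothing in the code says why It alone is exempt. Please add a short comment above the condition explaining that non-callable blocks such as Bd and Bl can also break other blocks, as the log message says, and why It must not set later, so the exception is not lost the next time this loop is touched.
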
Index: mdoc.c
===================================================================
RCS file: /usr/vhosts/mdocml.bsd.lv/cvs/mdocml/mdoc.c,v
retrieving revision 1.201
retrieving revision 1.202
diff -Lmdoc.c -Lmdoc.c -u -p -r1.201 -r1.202
--- mdoc.c
+++ mdoc.c
@@ -375,6 +375,8 @@ node_append(struct mdoc *mdoc, struct md
 
 	switch (p->type) {
 	case (MDOC_BODY):
+		if (ENDBODY_NOT != p->end)
+			break;
 		/* FALLTHROUGH */
 	case (MDOC_TAIL):
 		/* FALLTHROUGH */
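
Review bot: the early break added under case (MDOC_BODY) in node_append() carries no comment, so the reason a node with p->end != ENDBODY_NOT skips the code shared with MDOC_TAIL and the cases after it is recorded only in the commit log. A one-line comment would help, for example that a body end marker is not a direct child of the block it belongs to and so must not copy the pointer from the parent block. It is also worth stating there that such nodes must arrive with norm already set by the caller.
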
@@ -501,6 +503,7 @@ mdoc_endbody_alloc(struct mdoc *m, int l
 
 	p = node_alloc(m, line, pos, tok, MDOC_BODY);
 	p->pending = body;
+	p->norm = body->norm;
 	p->end = end;
 	if ( ! node_append(m, p))
 		return(0);
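
Review bot: p->norm = body->norm in mdoc_endbody_alloc() dereferences body with no check and leaves two nodes pointing at the same norm data. An assert(body), or a comment stating that callers always pass a valid body block, would document the first assumption; for the second, please confirm that the node free path releases norm through only one of the two nodes. The assignment also has to stay ahead of the node_append() call just below it, which deserves a brief comment.
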