From ed556a16a0d0d619b59f20de7ff6e61eb00b0fde Mon Sep 17 00:00:00 2001 From: Ingo Schwarze Date: Fri, 16 Nov 2012 13:40:36 +0000 Subject: Fix a crash triggered by .Bl -tag .It Xo .El .Sh found by florian@. * When allocating a body end marker, copy the pointer to the normalized block information from the body block, avoiding the risk of subsequent null pointer derefence. * When inserting the body end marker into the syntax tree, do not try to copy that pointer from the parent block, because not being a direkt child of the block it belongs to is the whole point of a body end marker. * Even non-callable blocks (like Bd and Bl) can break other blocks; when this happens, postpone closing them out in the usual way. Completed and tested at the OpenBSD impromptu Coimbra hackathon (c2k12). Thanks to Pedro Almeida and the Laborat'orio de Computa,c~ao Avan,cada da Universidade de Coimbra (http://www.uc.pt/lca) for their hospitality! --- mdoc.c | 5 ++++- mdoc_macro.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/mdoc.c b/mdoc.c index b24f2f85..396d1019 100644 --- a/mdoc.c +++ b/mdoc.c @@ -1,4 +1,4 @@ -/* $Id: mdoc.c,v 1.201 2012/07/18 11:11:12 schwarze Exp $ */ +/* $Id: mdoc.c,v 1.202 2012/11/16 13:40:36 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons * Copyright (c) 2010, 2012 Ingo Schwarze @@ -375,6 +375,8 @@ node_append(struct mdoc *mdoc, struct mdoc_node *p) switch (p->type) { case (MDOC_BODY): + if (ENDBODY_NOT != p->end) + break; /* FALLTHROUGH */ case (MDOC_TAIL): /* FALLTHROUGH */ @@ -501,6 +503,7 @@ mdoc_endbody_alloc(struct mdoc *m, int line, int pos, enum mdoct tok, p = node_alloc(m, line, pos, tok, MDOC_BODY); p->pending = body; + p->norm = body->norm; p->end = end; if ( ! node_append(m, p)) return(0); diff --git a/mdoc_macro.c b/mdoc_macro.c index eb7c78aa..8cde4e8f 100644 --- a/mdoc_macro.c +++ b/mdoc_macro.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_macro.c,v 1.117 2012/07/18 16:20:43 schwarze Exp $ */ +/* $Id: mdoc_macro.c,v 1.118 2012/11/16 13:40:36 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons * Copyright (c) 2010, 2012 Ingo Schwarze @@ -738,7 +738,7 @@ blk_exp_close(MACRO_PROT_ARGS) if (later && MDOC_EXPLICIT & mdoc_macros[later->tok].flags) continue; - if (MDOC_CALLABLE & mdoc_macros[n->tok].flags) + if (MDOC_It != n->tok) later = n; } -- cgit v1.2.3