summaryrefslogtreecommitdiff
path: root/usr.bin/mandoc
diff options
context:
space:
mode:
authorIngo Schwarze <schwarze@cvs.openbsd.org>2017-07-31 15:19:00 +0000
committerIngo Schwarze <schwarze@cvs.openbsd.org>2017-07-31 15:19:00 +0000
commit77c221be2ad9ed3ebfd76d4595cd882c258e5a08 (patch)
tree4252c68749d81b65b430e5a83c2acabda2e819c1 /usr.bin/mandoc
parent298309a2f694c05ed7eae99df69f305d450753d5 (diff)
Fix an out of bounds read access to a constant array that caused
segfaults on certain hardened versions of glibc. Triggered by .sp or blank lines right before .SS or .SH, or before the first .Sh. Found the hard way by Dr. Markus Waldner on Debian and by Leah Neukirchen on Void Linux.
Diffstat (limited to 'usr.bin/mandoc')
-rw-r--r--usr.bin/mandoc/man_term.c6
-rw-r--r--usr.bin/mandoc/mdoc_validate.c4
2 files changed, 5 insertions, 5 deletions
diff --git a/usr.bin/mandoc/man_term.c b/usr.bin/mandoc/man_term.c
index 0bd7770395b..6fd2368e13c 100644
--- a/usr.bin/mandoc/man_term.c
+++ b/usr.bin/mandoc/man_term.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: man_term.c,v 1.161 2017/06/25 07:23:53 bentley Exp $ */
+/* $OpenBSD: man_term.c,v 1.162 2017/07/31 15:18:59 schwarze Exp $ */
/*
* Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv>
* Copyright (c) 2010-2015, 2017 Ingo Schwarze <schwarze@openbsd.org>
@@ -671,7 +671,7 @@ pre_SS(DECL_ARGS)
do {
n = n->prev;
- } while (n != NULL && n->tok != TOKEN_NONE &&
+ } while (n != NULL && n->tok >= MAN_TH &&
termacts[n->tok].flags & MAN_NOTEXT);
if (n == NULL || (n->tok == MAN_SS && n->body->child == NULL))
break;
@@ -733,7 +733,7 @@ pre_SH(DECL_ARGS)
do {
n = n->prev;
- } while (n != NULL && n->tok != TOKEN_NONE &&
+ } while (n != NULL && n->tok >= MAN_TH &&
termacts[n->tok].flags & MAN_NOTEXT);
if (n == NULL || (n->tok == MAN_SH && n->body->child == NULL))
break;
diff --git a/usr.bin/mandoc/mdoc_validate.c b/usr.bin/mandoc/mdoc_validate.c
index e0de8b6e8f2..2ea8d606bbf 100644
--- a/usr.bin/mandoc/mdoc_validate.c
+++ b/usr.bin/mandoc/mdoc_validate.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mdoc_validate.c,v 1.265 2017/07/20 12:53:55 schwarze Exp $ */
+/* $OpenBSD: mdoc_validate.c,v 1.266 2017/07/31 15:18:59 schwarze Exp $ */
/*
* Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv>
* Copyright (c) 2010-2017 Ingo Schwarze <schwarze@openbsd.org>
@@ -1916,7 +1916,7 @@ post_root(POST_ARGS)
/* Check that we begin with a proper `Sh'. */
n = mdoc->first->child;
- while (n != NULL && n->tok != TOKEN_NONE &&
+ while (n != NULL && n->tok >= MDOC_Dd &&
mdoc_macros[n->tok].flags & MDOC_PROLOGUE)
n = n->next;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 05:32:18 +0000