From cb1515965e22f6ee49d207ee6fbe66f94e9230ba Mon Sep 17 00:00:00 2001 From: schwarze Date: Fri, 30 Jan 2015 17:31:20 +0000 Subject: Delete the redundant tbl span flags, just inspect the actual data where needed, which is less fragile. This fixes a subtle NULL pointer access to tp->tbl.cols: Due to a bug in the man(7) parser, the first span of a table can end up in a .TP head, in which case tblcalc() was never called. Found by jsg@ with afl. --- usr.bin/mandoc/tbl_html.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'usr.bin/mandoc/tbl_html.c') diff --git a/usr.bin/mandoc/tbl_html.c b/usr.bin/mandoc/tbl_html.c index 830a663492e..f5c844d7588 100644 --- a/usr.bin/mandoc/tbl_html.c +++ b/usr.bin/mandoc/tbl_html.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tbl_html.c,v 1.10 2015/01/30 04:08:37 schwarze Exp $ */ +/* $OpenBSD: tbl_html.c,v 1.11 2015/01/30 17:31:20 schwarze Exp $ */ /* * Copyright (c) 2011 Kristaps Dzonsons * @@ -52,7 +52,7 @@ html_tblopen(struct html *h, const struct tbl_span *sp) struct roffcol *col; int ic; - if (sp->flags & TBL_SPAN_FIRST) { + if (h->tbl.cols == NULL) { h->tbl.len = html_tbl_len; h->tbl.slen = html_tbl_strlen; tblcalc(&h->tbl, sp, 0); @@ -130,7 +130,7 @@ print_tbl(struct html *h, const struct tbl_span *sp) h->flags &= ~HTML_NONOSPACE; - if (sp->flags & TBL_SPAN_LAST) { + if (sp->next == NULL) { assert(h->tbl.cols); free(h->tbl.cols); h->tbl.cols = NULL; -- cgit v1.2.3-59-g8ed1b