From 5aaaa1efec72b1fffe5be3dbb469cbafca80e439 Mon Sep 17 00:00:00 2001
From: schwarze
Date: Thu, 8 Jun 2017 19:35:34 +0000
Subject: [PATCH] Properly reinitialize roffce_node between parses, or this may crash with use-after-free in makewhatis(8); reported by jmc@, thanks!
---
 usr.bin/mandoc/roff.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/usr.bin/mandoc/roff.c b/usr.bin/mandoc/roff.c
index d1b83cbb867..dfb19918f2c 100644
--- a/usr.bin/mandoc/roff.c
+++ b/usr.bin/mandoc/roff.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roff.c,v 1.178 2017/06/07 00:50:30 schwarze Exp $ */
+/* $OpenBSD: roff.c,v 1.179 2017/06/08 19:35:34 schwarze Exp $ */
 /*
 * Copyright (c) 2008-2012, 2014 Kristaps Dzonsons
 * Copyright (c) 2010-2015, 2017 Ingo Schwarze
@@ -765,6 +765,10 @@ roff_reset(struct roff *r)
 r->format = r->options & (MPARSE_MDOC | MPARSE_MAN);
 r->control = '\0';
 r->escape = '\\';
+ roffce_lines = 0;
+ roffce_node = NULL;
+ roffit_lines = 0;
+ roffit_macro = NULL;
 }

 void
-- 2.20.1
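Review bot: `roffit_macro = NULL;` at the end of roff_reset() discards the pointer without releasing it, so if that variable owns a heap-allocated string (its declaration and the code that sets it are outside this hunk) a reset with a value still pending would leak it; `free(roffit_macro);` on the line before would close that, while `roffce_node` presumably points into the parse tree and is correctly cleared without a free. All four names are assigned without `r->`, so they appear to be file-scope state shared by every `struct roff`, and a comment would explain why they are reset here, e.g. `/* Request state kept outside struct roff: clear it so no pointer from the previous parse is reused. */`. The start of roff_reset() is outside the hunk, so whether the parser's free path clears the same variables cannot be checked from here; that is worth confirming, since a stale `roffce_node` surviving a free would be the same use-after-free the commit message describes.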