aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2016-11-24 10:28:13 +0000
committerTatsuya Kinoshita <tats@debian.org>2016-11-24 10:28:13 +0000
commitae14acf2afde241f973f6f9259ef826136f2630a (patch)
tree4e45e4080051df6a7f91c0ef5f6271f4091cbd68
parentAdd CVE IDs (diff)
downloadw3m-ae14acf2afde241f973f6f9259ef826136f2630a.tar.gz
w3m-ae14acf2afde241f973f6f9259ef826136f2630a.zip
New patch 933_table-level.patch to fix out of memory [CVE-2016-9633]
Diffstat (limited to '')
-rw-r--r--debian/patches/933_table-level.patch22
-rw-r--r--debian/patches/series1
2 files changed, 23 insertions, 0 deletions
diff --git a/debian/patches/933_table-level.patch b/debian/patches/933_table-level.patch
new file mode 100644
index 0000000..f541eba
--- /dev/null
+++ b/debian/patches/933_table-level.patch
@@ -0,0 +1,22 @@
+Subject: Prevent memory exhausted due to repeat appending "</table>"
+Author: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/23 [CVE-2016-9633]
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=216722ed7282cec4338b177ea9ffdd39ad1b8c8c
+
+diff --git a/file.c b/file.c
+index 660b10e..e82eaf1 100644
+--- a/file.c
++++ b/file.c
+@@ -6988,9 +6988,12 @@ completeHTMLstream(struct html_feed_environ *h_env, struct readbuffer *obuf)
+ obuf->table_level = MAX_TABLE - 1;
+
+ while (obuf->table_level >= 0) {
++ int tmp = obuf->table_level;
+ table_mode[obuf->table_level].pre_mode
+ &= ~(TBLM_SCRIPT | TBLM_STYLE | TBLM_PLAIN);
+ HTMLlineproc1("</table>", h_env);
++ if (obuf->table_level >= tmp)
++ break;
+ }
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index ca29872..d7c9aee 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -68,3 +68,4 @@
930_tbl-mode.patch
931_parse-url.patch
932_ucsmap.patch
+933_table-level.patch