aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2016-12-10 08:41:01 +0000
committerTatsuya Kinoshita <tats@debian.org>2016-12-10 09:18:58 +0000
commit4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae (patch)
tree6dfaae41916da0356a7e353b2587abbfec0c95b0
parentPrevent overflow beyond the end of string in visible_length_plain() (diff)
downloadw3m-4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae.tar.gz
w3m-4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae.zip
Prevent heap-buffer-overflow in Strnew_size()
Bug-Debian: https://github.com/tats/w3m/issues/72
Diffstat (limited to '')
-rw-r--r--Str.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/Str.c b/Str.c
index d34129f..61fe3ca 100644
--- a/Str.c
+++ b/Str.c
@@ -48,6 +48,8 @@ Str
Strnew_size(int n)
{
Str x = GC_MALLOC(sizeof(struct _Str));
+ if (n < 0)
+ n = 0;
x->ptr = GC_MALLOC_ATOMIC(n + 1);
x->ptr[0] = '\0';
x->area_size = n + 1;