diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-12-10 08:41:01 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-12-10 09:18:58 +0000 |
commit | 4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae (patch) | |
tree | 6dfaae41916da0356a7e353b2587abbfec0c95b0 | |
parent | Prevent overflow beyond the end of string in visible_length_plain() (diff) | |
download | w3m-4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae.tar.gz w3m-4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae.zip |
Prevent heap-buffer-overflow in Strnew_size()
Bug-Debian: https://github.com/tats/w3m/issues/72
Diffstat (limited to '')
-rw-r--r-- | Str.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -48,6 +48,8 @@ Str Strnew_size(int n) { Str x = GC_MALLOC(sizeof(struct _Str)); + if (n < 0) + n = 0; x->ptr = GC_MALLOC_ATOMIC(n + 1); x->ptr[0] = '\0'; x->area_size = n + 1; |