aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2016-08-24 10:05:23 +0000
committerTatsuya Kinoshita <tats@debian.org>2016-11-19 05:13:33 +0000
commit058c830fb05a864ffeb90f553573b0b5eec2b4d8 (patch)
treef1f80e7c51d498daffb813191717de530649f26b
parentFix uninitialised values for <i> and <dd> (diff)
downloadw3m-058c830fb05a864ffeb90f553573b0b5eec2b4d8.tar.gz
w3m-058c830fb05a864ffeb90f553573b0b5eec2b4d8.zip
Truncate max_width for renderTable
Bug-Debian: https://github.com/tats/w3m/issues/25 [CVE-2016-9426] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=b910f0966d9efea93ea8cef491000a83ffb49c5e
Diffstat (limited to '')
-rw-r--r--table.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/table.c b/table.c
index deeab0a..a54ea01 100644
--- a/table.c
+++ b/table.c
@@ -1724,6 +1724,10 @@ renderTable(struct table *t, int max_width, struct html_feed_environ *h_env)
if (max_width < rulewidth)
max_width = rulewidth;
+#define MAX_TABWIDTH 10000
+ if (max_width > MAX_TABWIDTH)
+ max_width = MAX_TABWIDTH;
+
check_maximum_width(t);
#ifdef MATRIX