Prevent heap-buffer-overflow in Strnew_size()

Bug-Debian: https://github.com/tats/w3m/issues/72 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae
author: Tatsuya Kinoshita <tats@debian.org> 2016-12-10 08:41:01 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2017-01-06 13:14:18 +0000
commit: 738854a5f0ad402a3eafef4de6eb81f4cac15d03 (patch)
tree: 784e542aa1b1c7080dfce819057de22901d8e9fd
parent: Prevent overflow beyond the end of string in wtf_strwidth() and wtf_len() (diff)
download: w3m-738854a5f0ad402a3eafef4de6eb81f4cac15d03.tar.gz
w3m-738854a5f0ad402a3eafef4de6eb81f4cac15d03.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/Str.c b/Str.c
index 5287c0f..7a094f5 100644
--- a/Str.c
+++ b/Str.c
@@ -48,6 +48,8 @@ Str
 Strnew_size(int n)
 {
     Str x = GC_MALLOC(sizeof(struct _Str));
+    if (n < 0)
+	n = 0;
     x->ptr = GC_MALLOC_ATOMIC(n + 1);
     x->ptr[0] = '\0';
     x->area_size = n + 1;
author	Tatsuya Kinoshita <tats@debian.org>	2016-12-10 08:41:01 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2017-01-06 13:14:18 +0000
commit	738854a5f0ad402a3eafef4de6eb81f4cac15d03 (patch)
tree	784e542aa1b1c7080dfce819057de22901d8e9fd
parent	Prevent overflow beyond the end of string in wtf_strwidth() and wtf_len() (diff)
download	w3m-738854a5f0ad402a3eafef4de6eb81f4cac15d03.tar.gz w3m-738854a5f0ad402a3eafef4de6eb81f4cac15d03.zip