diff options
| author | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 15:05:33 +0000 |
|---|---|---|
| committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 15:07:27 +0000 |
| commit | 9c50804d4570f77e2c5891c9b51a08e1832ae852 (patch) | |
| tree | 6853a151cb2d5bea7b9c4fdc76f27b53b9545e0c | |
| parent | New patch 923_tagproc.patch to fix negative size allocation (diff) | |
| download | w3m-9c50804d4570f77e2c5891c9b51a08e1832ae852.tar.gz w3m-9c50804d4570f77e2c5891c9b51a08e1832ae852.zip | |
New patch 924_curline.patch to fix near-null deref
| -rw-r--r-- | debian/patches/924_curline.patch | 19 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
2 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/924_curline.patch b/debian/patches/924_curline.patch new file mode 100644 index 0000000..361813b --- /dev/null +++ b/debian/patches/924_curline.patch @@ -0,0 +1,19 @@ +Subject: Prevent dereference near-null pointer in formUpdateBuffer +Author: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/35 +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=e2c7ecec6f9b730ad3c9bf8c8df9212970f183d7 + +diff --git a/form.c b/form.c +index de7a4d9..1aaaf19 100644 +--- a/form.c ++++ b/form.c +@@ -442,7 +442,8 @@ formUpdateBuffer(Anchor *a, Buffer *buf, FormItemList *form) + switch (form->type) { + case FORM_INPUT_CHECKBOX: + case FORM_INPUT_RADIO: +- if (spos >= buf->currentLine->len || spos < 0) ++ if (buf->currentLine == NULL || ++ spos >= buf->currentLine->len || spos < 0) + break; + if (form->checked) + buf->currentLine->lineBuf[spos] = '*'; diff --git a/debian/patches/series b/debian/patches/series index 5750bcd..b122606 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -59,3 +59,4 @@ 921_cotable.patch 922_lineproc.patch 923_tagproc.patch +924_curline.patch |