diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 15:15:14 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 15:15:14 +0000 |
commit | 5e3e40ed6eeadfd7889d99d4f52108f2e6ee4c68 (patch) | |
tree | 77ba88e4921e27942271089974728f164cc27259 | |
parent | New patch 927_symbol.patch to fix array index (diff) | |
download | w3m-5e3e40ed6eeadfd7889d99d4f52108f2e6ee4c68.tar.gz w3m-5e3e40ed6eeadfd7889d99d4f52108f2e6ee4c68.zip |
New patch 928_form-id.patch to fix null deref
-rw-r--r-- | debian/patches/928_form-id.patch | 28 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 29 insertions, 0 deletions
diff --git a/debian/patches/928_form-id.patch b/debian/patches/928_form-id.patch new file mode 100644 index 0000000..68a72c5 --- /dev/null +++ b/debian/patches/928_form-id.patch @@ -0,0 +1,28 @@ +Subject: Prevent null pointer deref due to bad form id +Author: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/39 +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=9db438094e5f0d84842bcbd248f282594ccb3c89 + +diff --git a/file.c b/file.c +index e3f0544..834071d 100644 +--- a/file.c ++++ b/file.c +@@ -5805,7 +5805,8 @@ HTMLlineproc2body(Buffer *buf, Str (*feed) (), int llimit) + parsedtag_get_value(tag, ATTR_FID, &form_id); + parsedtag_get_value(tag, ATTR_TOP_MARGIN, &top); + parsedtag_get_value(tag, ATTR_BOTTOM_MARGIN, &bottom); +- if (form_id < 0 || form_id > form_max || forms == NULL) ++ if (form_id < 0 || form_id > form_max || ++ forms == NULL || forms[form_id] == NULL) + break; /* outside of <form>..</form> */ + form = forms[form_id]; + if (hseq > 0) { +@@ -7011,6 +7012,8 @@ print_internal_information(struct html_feed_environ *henv) + if (form_max >= 0) { + FormList *fp; + for (i = 0; i <= form_max; i++) { ++ if (forms[i] == NULL) ++ continue; + fp = forms[i]; + s = Sprintf("<form_int fid=\"%d\" action=\"%s\" method=\"%s\"", + i, html_quote(fp->action->ptr), diff --git a/debian/patches/series b/debian/patches/series index bdb9c46..60e9ec8 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -63,3 +63,4 @@ 925_lineproc.patch 926_indent-level.patch 927_symbol.patch +928_form-id.patch |