aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTatsuya Kinoshita <tats@debian.org>2016-11-21 15:15:14 +0000
committerTatsuya Kinoshita <tats@debian.org>2016-11-21 15:15:14 +0000
commit5e3e40ed6eeadfd7889d99d4f52108f2e6ee4c68 (patch)
tree77ba88e4921e27942271089974728f164cc27259
parentNew patch 927_symbol.patch to fix array index (diff)
downloadw3m-5e3e40ed6eeadfd7889d99d4f52108f2e6ee4c68.tar.gz
w3m-5e3e40ed6eeadfd7889d99d4f52108f2e6ee4c68.zip
New patch 928_form-id.patch to fix null deref
-rw-r--r--debian/patches/928_form-id.patch28
-rw-r--r--debian/patches/series1
2 files changed, 29 insertions, 0 deletions
diff --git a/debian/patches/928_form-id.patch b/debian/patches/928_form-id.patch
new file mode 100644
index 0000000..68a72c5
--- /dev/null
+++ b/debian/patches/928_form-id.patch
@@ -0,0 +1,28 @@
+Subject: Prevent null pointer deref due to bad form id
+Author: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/39
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=9db438094e5f0d84842bcbd248f282594ccb3c89
+
+diff --git a/file.c b/file.c
+index e3f0544..834071d 100644
+--- a/file.c
++++ b/file.c
+@@ -5805,7 +5805,8 @@ HTMLlineproc2body(Buffer *buf, Str (*feed) (), int llimit)
+ parsedtag_get_value(tag, ATTR_FID, &form_id);
+ parsedtag_get_value(tag, ATTR_TOP_MARGIN, &top);
+ parsedtag_get_value(tag, ATTR_BOTTOM_MARGIN, &bottom);
+- if (form_id < 0 || form_id > form_max || forms == NULL)
++ if (form_id < 0 || form_id > form_max ||
++ forms == NULL || forms[form_id] == NULL)
+ break; /* outside of <form>..</form> */
+ form = forms[form_id];
+ if (hseq > 0) {
+@@ -7011,6 +7012,8 @@ print_internal_information(struct html_feed_environ *henv)
+ if (form_max >= 0) {
+ FormList *fp;
+ for (i = 0; i <= form_max; i++) {
++ if (forms[i] == NULL)
++ continue;
+ fp = forms[i];
+ s = Sprintf("<form_int fid=\"%d\" action=\"%s\" method=\"%s\"",
+ i, html_quote(fp->action->ptr),
diff --git a/debian/patches/series b/debian/patches/series
index bdb9c46..60e9ec8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -63,3 +63,4 @@
925_lineproc.patch
926_indent-level.patch
927_symbol.patch
+928_form-id.patch