diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:34:04 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:34:04 +0000 |
commit | e1dd92b37f5d8d772a60b0db0a8fed6667d7d581 (patch) | |
tree | 2dffe1d29bc15d494fc81cf08ea770091e5b07a2 | |
parent | New patch 913_tabwidth.patch to fix heap corruption [CVE-2016-9426] (diff) | |
download | w3m-e1dd92b37f5d8d772a60b0db0a8fed6667d7d581.tar.gz w3m-e1dd92b37f5d8d772a60b0db0a8fed6667d7d581.zip |
New patch 914_curline.patch to fix near-null deref [CVE-2016-9440]
-rw-r--r-- | debian/patches/914_curline.patch | 18 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 19 insertions, 0 deletions
diff --git a/debian/patches/914_curline.patch b/debian/patches/914_curline.patch new file mode 100644 index 0000000..c977b87 --- /dev/null +++ b/debian/patches/914_curline.patch @@ -0,0 +1,18 @@ +Subject: Prevent segfault for formUpdateBuffer +Author: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/22 [CVE-2016-9440] +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=4a8d16fc8d08206dd7142435054ee38ff41805b7 + +diff --git a/form.c b/form.c +index 779ba2f..20b7310 100644 +--- a/form.c ++++ b/form.c +@@ -461,6 +461,8 @@ formUpdateBuffer(Anchor *a, Buffer *buf, FormItemList *form) + #endif /* MENU_SELECT */ + p = form->value->ptr; + l = buf->currentLine; ++ if (!l) ++ break; + if (form->type == FORM_TEXTAREA) { + int n = a->y - buf->currentLine->linenumber; + if (n > 0) diff --git a/debian/patches/series b/debian/patches/series index 9404dea..8e9b809 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -49,3 +49,4 @@ 911_rowcolspan.patch 912_i-dd.patch 913_tabwidth.patch +914_curline.patch |