Fix null pointer dereference in formUpdateBuffer

Bug-Debian: https://github.com/tats/w3m/issues/28 [CVE-2016-9443] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ec9eb22e008a69ea9dc21fdca4b9b836679965ee Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=22d29c3d11bdfec80164789a99c36cc674340914
author: Tatsuya Kinoshita <tats@debian.org> 2016-10-07 21:39:47 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2016-11-19 05:24:45 +0000
commit: 77c2c85da5ca7865d840f563291bb5e67c4a29c2 (patch)
tree: 30015272bc35877f8b794d3044c026b4aef3ba80
parent: Fix potential heap buffer corruption due to Strgrow (diff)
download: w3m-77c2c85da5ca7865d840f563291bb5e67c4a29c2.tar.gz
w3m-77c2c85da5ca7865d840f563291bb5e67c4a29c2.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/form.c b/form.c
index 20b7310..e891df1 100644
--- a/form.c
+++ b/form.c
@@ -459,7 +459,11 @@ formUpdateBuffer(Anchor *a, Buffer *buf, FormItemList *form)
 	}
 	else
 #endif				/* MENU_SELECT */
+	{
+	    if (!form->value)
+		break;
 	    p = form->value->ptr;
+	}
 	l = buf->currentLine;
 	if (!l)
 	    break;
author	Tatsuya Kinoshita <tats@debian.org>	2016-10-07 21:39:47 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2016-11-19 05:24:45 +0000
commit	77c2c85da5ca7865d840f563291bb5e67c4a29c2 (patch)
tree	30015272bc35877f8b794d3044c026b4aef3ba80
parent	Fix potential heap buffer corruption due to Strgrow (diff)
download	w3m-77c2c85da5ca7865d840f563291bb5e67c4a29c2.tar.gz w3m-77c2c85da5ca7865d840f563291bb5e67c4a29c2.zip