diff options
| author | Tatsuya Kinoshita <tats@debian.org> | 2016-12-17 16:20:14 +0000 |
|---|---|---|
| committer | Tatsuya Kinoshita <tats@debian.org> | 2017-01-06 13:18:54 +0000 |
| commit | 56d3dd5a561413baa5fa5f95ff337351ddae7886 (patch) | |
| tree | c4ce52c9e7013fd356488cb2016827604fe12544 | |
| parent | Prevent infinite loop in feed_textarea() (diff) | |
| download | w3m-56d3dd5a561413baa5fa5f95ff337351ddae7886.tar.gz w3m-56d3dd5a561413baa5fa5f95ff337351ddae7886.zip | |
Prevent heap-use-after-free read in HTMLlineproc0()
Bug-Debian: https://github.com/tats/w3m/issues/81
Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=aa2077e06fc11f65ba1773e8f5da83d98057e829
| -rw-r--r-- | file.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -6328,7 +6328,7 @@ HTMLlineproc0(char *line, struct html_feed_environ *h_env, int internal) } if (h_env->tagbuf->length == 0) continue; - str = h_env->tagbuf->ptr; + str = Strdup(h_env->tagbuf)->ptr; if (*str == '<') { if (str[1] && REALLY_THE_BEGINNING_OF_A_TAG(str)) is_tag = TRUE; |