Prevent heap-buffer-overflow in Strnew_size()

Bug-Debian: https://github.com/tats/w3m/issues/72
author: Tatsuya Kinoshita <tats@debian.org> 2016-12-10 08:41:01 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2016-12-10 09:18:58 +0000
commit: 4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae (patch)
tree: 6dfaae41916da0356a7e353b2587abbfec0c95b0
parent: Prevent overflow beyond the end of string in visible_length_plain() (diff)
download: w3m-4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae.tar.gz
w3m-4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/Str.c b/Str.c
index d34129f..61fe3ca 100644
--- a/Str.c
+++ b/Str.c
@@ -48,6 +48,8 @@ Str
 Strnew_size(int n)
 {
     Str x = GC_MALLOC(sizeof(struct _Str));
+    if (n < 0)
+	n = 0;
     x->ptr = GC_MALLOC_ATOMIC(n + 1);
     x->ptr[0] = '\0';
     x->area_size = n + 1;
author	Tatsuya Kinoshita <tats@debian.org>	2016-12-10 08:41:01 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2016-12-10 09:18:58 +0000
commit	4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae (patch)
tree	6dfaae41916da0356a7e353b2587abbfec0c95b0
parent	Prevent overflow beyond the end of string in visible_length_plain() (diff)
download	w3m-4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae.tar.gz w3m-4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae.zip