Prevent heap-use-after-free in HTMLlineproc0()

Bug-Debian: https://github.com/tats/w3m/issues/65
author: Tatsuya Kinoshita <tats@debian.org> 2016-12-07 13:09:06 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2016-12-07 13:09:06 +0000
commit: 26484fc1381e5ec758db950f2bd17f1496220c92 (patch)
tree: b9f16505245e2494c23ecbe12c5d562384766a73
parent: Prevent negative values for offset and pos in push_link() (diff)
download: w3m-26484fc1381e5ec758db950f2bd17f1496220c92.tar.gz
w3m-26484fc1381e5ec758db950f2bd17f1496220c92.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/file.c b/file.c
index 35034ce..7d227da 100644
--- a/file.c
+++ b/file.c
@@ -6618,7 +6618,8 @@ HTMLlineproc0(char *line, struct html_feed_environ *h_env, int internal)
 		indent = h_env->envs[h_env->envc].indent;
 		if (obuf->bp.pos - i > indent) {
 		    Str line;
-		    append_tags(obuf);
+		    append_tags(obuf);	/* may reallocate the buffer */
+		    bp = obuf->line->ptr + obuf->bp.len;
 		    line = Strnew_charp(bp);
 		    Strshrink(obuf->line, obuf->line->length - obuf->bp.len);
 #ifdef FORMAT_NICE
author	Tatsuya Kinoshita <tats@debian.org>	2016-12-07 13:09:06 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2016-12-07 13:09:06 +0000
commit	26484fc1381e5ec758db950f2bd17f1496220c92 (patch)
tree	b9f16505245e2494c23ecbe12c5d562384766a73
parent	Prevent negative values for offset and pos in push_link() (diff)
download	w3m-26484fc1381e5ec758db950f2bd17f1496220c92.tar.gz w3m-26484fc1381e5ec758db950f2bd17f1496220c92.zip