aboutsummaryrefslogtreecommitdiffstats
path: root/README
diff options
context:
space:
mode:
authorKuang-che Wu <kcwu@google.com>2016-08-30 00:32:00 +0000
committerTatsuya Kinoshita <tats@debian.org>2016-11-19 05:17:28 +0000
commit5b6087c1a4f308d939e7d241180a9526802f8f5b (patch)
treebdffbc0beb37eb47c9108ee7ef208224c5da5e2b /README
parentPrevent segfault due to buffer overflows in addMultirowsForm (diff)
downloadw3m-5b6087c1a4f308d939e7d241180a9526802f8f5b.tar.gz
w3m-5b6087c1a4f308d939e7d241180a9526802f8f5b.zip
Fix potential heap buffer corruption due to Strgrow
If Str.length = 5 and area_size = 6, the result of Strgrow is still area_size = 6. For such case, Strcat_char and Strinsert_char will overflow one byte. Bug-Debian: https://github.com/tats/w3m/pull/27 [CVE-2016-9442] Origin: https://github.com/tats/w3m/pull/27/commits/c95a43dc92695464be11c8a51811aaa9761546e6
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions