New patch 914_curline.patch to fix near-null deref [CVE-2016-9440]

author: Tatsuya Kinoshita <tats@debian.org> 2016-11-21 14:34:04 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2016-11-21 14:34:04 +0000
commit: e1dd92b37f5d8d772a60b0db0a8fed6667d7d581 (patch)
tree: 2dffe1d29bc15d494fc81cf08ea770091e5b07a2 /debian/patches/914_curline.patch
parent: New patch 913_tabwidth.patch to fix heap corruption [CVE-2016-9426] (diff)
download: w3m-e1dd92b37f5d8d772a60b0db0a8fed6667d7d581.tar.gz
w3m-e1dd92b37f5d8d772a60b0db0a8fed6667d7d581.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/debian/patches/914_curline.patch b/debian/patches/914_curline.patch
new file mode 100644
index 0000000..c977b87
--- /dev/null
+++ b/debian/patches/914_curline.patch
@@ -0,0 +1,18 @@
+Subject: Prevent segfault for formUpdateBuffer
+Author: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/22 [CVE-2016-9440]
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=4a8d16fc8d08206dd7142435054ee38ff41805b7
+
+diff --git a/form.c b/form.c
+index 779ba2f..20b7310 100644
+--- a/form.c
++++ b/form.c
+@@ -461,6 +461,8 @@ formUpdateBuffer(Anchor *a, Buffer *buf, FormItemList *form)
+ #endif				/* MENU_SELECT */
+ 	    p = form->value->ptr;
+ 	l = buf->currentLine;
++	if (!l)
++	    break;
+ 	if (form->type == FORM_TEXTAREA) {
+ 	    int n = a->y - buf->currentLine->linenumber;
+ 	    if (n > 0)
author	Tatsuya Kinoshita <tats@debian.org>	2016-11-21 14:34:04 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2016-11-21 14:34:04 +0000
commit	e1dd92b37f5d8d772a60b0db0a8fed6667d7d581 (patch)
tree	2dffe1d29bc15d494fc81cf08ea770091e5b07a2 /debian/patches/914_curline.patch
parent	New patch 913_tabwidth.patch to fix heap corruption [CVE-2016-9426] (diff)
download	w3m-e1dd92b37f5d8d772a60b0db0a8fed6667d7d581.tar.gz w3m-e1dd92b37f5d8d772a60b0db0a8fed6667d7d581.zip