diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-11-24 10:28:13 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-24 10:28:13 +0000 |
commit | ae14acf2afde241f973f6f9259ef826136f2630a (patch) | |
tree | 4e45e4080051df6a7f91c0ef5f6271f4091cbd68 /debian/patches | |
parent | Add CVE IDs (diff) | |
download | w3m-ae14acf2afde241f973f6f9259ef826136f2630a.tar.gz w3m-ae14acf2afde241f973f6f9259ef826136f2630a.zip |
New patch 933_table-level.patch to fix out of memory [CVE-2016-9633]
Diffstat (limited to '')
-rw-r--r-- | debian/patches/933_table-level.patch | 22 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 23 insertions, 0 deletions
diff --git a/debian/patches/933_table-level.patch b/debian/patches/933_table-level.patch new file mode 100644 index 0000000..f541eba --- /dev/null +++ b/debian/patches/933_table-level.patch @@ -0,0 +1,22 @@ +Subject: Prevent memory exhausted due to repeat appending "</table>" +Author: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/23 [CVE-2016-9633] +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=216722ed7282cec4338b177ea9ffdd39ad1b8c8c + +diff --git a/file.c b/file.c +index 660b10e..e82eaf1 100644 +--- a/file.c ++++ b/file.c +@@ -6988,9 +6988,12 @@ completeHTMLstream(struct html_feed_environ *h_env, struct readbuffer *obuf) + obuf->table_level = MAX_TABLE - 1; + + while (obuf->table_level >= 0) { ++ int tmp = obuf->table_level; + table_mode[obuf->table_level].pre_mode + &= ~(TBLM_SCRIPT | TBLM_STYLE | TBLM_PLAIN); + HTMLlineproc1("</table>", h_env); ++ if (obuf->table_level >= tmp) ++ break; + } + } + diff --git a/debian/patches/series b/debian/patches/series index ca29872..d7c9aee 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -68,3 +68,4 @@ 930_tbl-mode.patch 931_parse-url.patch 932_ucsmap.patch +933_table-level.patch |