diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:39:06 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-21 14:39:06 +0000 |
commit | 109d4215269987279f9d4021ec16f37227fedf3a (patch) | |
tree | d5713d30982c2bbe36e52c6fda72714596526bf9 /debian/patches | |
parent | New patch 915_table-alt.patch to fix near-null deref [CVE-2016-9441] (diff) | |
download | w3m-109d4215269987279f9d4021ec16f37227fedf3a.tar.gz w3m-109d4215269987279f9d4021ec16f37227fedf3a.zip |
New patch 916_anchor.patch to fix heap write
[CVE-2016-9425] [CVE-2016-9428]
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/916_anchor.patch | 19 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/916_anchor.patch b/debian/patches/916_anchor.patch new file mode 100644 index 0000000..a5dbe61 --- /dev/null +++ b/debian/patches/916_anchor.patch @@ -0,0 +1,19 @@ +Subject: Prevent segfault due to buffer overflows in addMultirowsForm +Author: Tatsuya Kinoshita <tats@debian.org> +Bug-Debian: https://github.com/tats/w3m/issues/21 [CVE-2016-9425] +Bug-Debian: https://github.com/tats/w3m/issues/26 [CVE-2016-9428] +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=4e464819dd360ffd3d58fa2a89216fe413cfcc74 + +diff --git a/anchor.c b/anchor.c +index 39f221d..e006aea 100644 +--- a/anchor.c ++++ b/anchor.c +@@ -687,6 +687,8 @@ addMultirowsForm(Buffer *buf, AnchorList *al) + a->hseq = a_form.hseq; + a->y = a_form.y; + a->end.pos = pos + ecol - col; ++ if (pos < 1 || a->end.pos >= l->size) ++ continue; + l->lineBuf[pos - 1] = '['; + l->lineBuf[a->end.pos] = ']'; + for (k = pos; k < a->end.pos; k++) diff --git a/debian/patches/series b/debian/patches/series index fb9b5b7..2720145 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -51,3 +51,4 @@ 913_tabwidth.patch 914_curline.patch 915_table-alt.patch +916_anchor.patch |