authorTatsuya Kinoshita <tats@debian.org>2021-02-28 07:56:01 +0000
committerTatsuya Kinoshita <tats@debian.org>2021-02-28 07:56:01 +0000
commit47bb0a495932cf6c685648a2b6e49b2111a507fb (patch)
tree342b2f87369ee6bd7dbb04fe23b819111d8ed21c /debian
parentUpdate 030_str-overflow.patch to fix overflow due to Str.c (diff)
New patch 040_libwc-overflow.patch to fix integer overflow in libwc
Diffstat (limited to '')
-rw-r--r--debian/patches/040_libwc-overflow.patch29
-rw-r--r--debian/patches/series1
2 files changed, 30 insertions, 0 deletions
diff --git a/debian/patches/040_libwc-overflow.patch b/debian/patches/040_libwc-overflow.patch
new file mode 100644
index 0000000..ab6fd8b
--- /dev/null
+++ b/debian/patches/040_libwc-overflow.patch
@@ -0,0 +1,29 @@
+Subject: Prevent unintentional integer overflow in libwc
+Author: Tatsuya Kinoshita <tats@debian.org>
+
+diff --git a/libwc/utf7.c b/libwc/utf7.c
+index 44a3330..874bc3d 100644
+--- a/libwc/utf7.c
++++ b/libwc/utf7.c
+@@ -73,7 +73,7 @@ wc_conv_from_utf7(Str is, wc_ces ces)
+ ;
+ if (p == ep)
+ return is;
+- os = Strnew_size(is->length * 4 / 3);
++ os = Strnew_size(is->length + is->length / 3);
+ if (p > sp)
+ Strcat_charp_n(os, is->ptr, (int)(p - sp));
+
+diff --git a/libwc/utf8.c b/libwc/utf8.c
+index e523139..c878499 100644
+--- a/libwc/utf8.c
++++ b/libwc/utf8.c
+@@ -150,7 +150,7 @@ wc_conv_from_utf8(Str is, wc_ces ces)
+ ;
+ if (p == ep)
+ return is;
+- os = Strnew_size(is->length * 4 / 3);
++ os = Strnew_size(is->length + is->length / 3);
+ if (p > sp)
+ Strcat_charp_n(os, is->ptr, (int)(p - sp));
+
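Review bot: The new size expression `is->length + is->length / 3`, used in both wc_conv_from_utf7 and wc_conv_from_utf8, raises the overflow threshold but does not remove it. If `length` is a signed `int` (the `(int)(p - sp)` cast suggests so, but the Str definition is not visible here), the sum still exceeds INT_MAX for lengths above roughly three quarters of INT_MAX; that is undefined behaviour and may pass a negative size to Strnew_size. Unless Strnew_size already rejects such values (the parent commit's 030_str-overflow.patch may cover this, not shown), add an explicit bound before the allocation, e.g. `if (is->length > INT_MAX - is->length / 3) /* fail via libwc's usual error path */`. Otherwise document the assumed maximum input length with a comment such as `/* is->length is assumed < INT_MAX / 4 * 3 */`. Both functions start and end outside the quoted hunks, so the surrounding error handling could not be checked.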
diff --git a/debian/patches/series b/debian/patches/series
index b829509..043b91c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
010_section.patch
020_ssl-ca.patch
030_str-overflow.patch
+040_libwc-overflow.patch