diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2021-02-28 07:56:01 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2021-02-28 07:56:01 +0000 |
commit | 47bb0a495932cf6c685648a2b6e49b2111a507fb (patch) | |
tree | 342b2f87369ee6bd7dbb04fe23b819111d8ed21c /debian | |
parent | Update 030_str-overflow.patch to fix overflow due to Str.c (diff) | |
download | w3m-47bb0a495932cf6c685648a2b6e49b2111a507fb.tar.gz w3m-47bb0a495932cf6c685648a2b6e49b2111a507fb.zip |
New patch 040_libwc-overflow.patch to fix integer overflow in libwc
Diffstat (limited to '')
-rw-r--r-- | debian/patches/040_libwc-overflow.patch | 29 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/debian/patches/040_libwc-overflow.patch b/debian/patches/040_libwc-overflow.patch new file mode 100644 index 0000000..ab6fd8b --- /dev/null +++ b/debian/patches/040_libwc-overflow.patch @@ -0,0 +1,29 @@ +Subject: Prevent unintentional integer overflow in libwc +Author: Tatsuya Kinoshita <tats@debian.org> + +diff --git a/libwc/utf7.c b/libwc/utf7.c +index 44a3330..874bc3d 100644 +--- a/libwc/utf7.c ++++ b/libwc/utf7.c +@@ -73,7 +73,7 @@ wc_conv_from_utf7(Str is, wc_ces ces) + ; + if (p == ep) + return is; +- os = Strnew_size(is->length * 4 / 3); ++ os = Strnew_size(is->length + is->length / 3); + if (p > sp) + Strcat_charp_n(os, is->ptr, (int)(p - sp)); + +diff --git a/libwc/utf8.c b/libwc/utf8.c +index e523139..c878499 100644 +--- a/libwc/utf8.c ++++ b/libwc/utf8.c +@@ -150,7 +150,7 @@ wc_conv_from_utf8(Str is, wc_ces ces) + ; + if (p == ep) + return is; +- os = Strnew_size(is->length * 4 / 3); ++ os = Strnew_size(is->length + is->length / 3); + if (p > sp) + Strcat_charp_n(os, is->ptr, (int)(p - sp)); + diff --git a/debian/patches/series b/debian/patches/series index b829509..043b91c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 010_section.patch 020_ssl-ca.patch 030_str-overflow.patch +040_libwc-overflow.patch |