diff options
author | Kuang-che Wu <kcwu@google.com> | 2016-08-30 00:32:00 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-19 05:17:28 +0000 |
commit | 5b6087c1a4f308d939e7d241180a9526802f8f5b (patch) | |
tree | bdffbc0beb37eb47c9108ee7ef208224c5da5e2b /doc/README.cookie | |
parent | Prevent segfault due to buffer overflows in addMultirowsForm (diff) | |
download | w3m-5b6087c1a4f308d939e7d241180a9526802f8f5b.tar.gz w3m-5b6087c1a4f308d939e7d241180a9526802f8f5b.zip |
Fix potential heap buffer corruption due to Strgrow
If Str.length = 5 and area_size = 6, the result of Strgrow is still
area_size = 6. For such case, Strcat_char and Strinsert_char will
overflow one byte.
Bug-Debian: https://github.com/tats/w3m/pull/27 [CVE-2016-9442]
Origin: https://github.com/tats/w3m/pull/27/commits/c95a43dc92695464be11c8a51811aaa9761546e6
Diffstat (limited to 'doc/README.cookie')
0 files changed, 0 insertions, 0 deletions