Prevent index overflow due to tag_map in libwc

Bug-Chromium: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31936
author: Tatsuya Kinoshita <tats@debian.org> 2021-03-11 10:34:53 +0000
committer: Tatsuya Kinoshita <tats@debian.org> 2021-03-11 10:34:53 +0000
commit: 2341cef6e98166977ee4f89cf1c3992a68cb3b4a (patch)
tree: f88557a635dc9c7f14a96de55a528e4f4f85cc1b /libwc/ucs.c
parent: Update ChangeLog (diff)
download: w3m-2341cef6e98166977ee4f89cf1c3992a68cb3b4a.tar.gz
w3m-2341cef6e98166977ee4f89cf1c3992a68cb3b4a.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/libwc/ucs.c b/libwc/ucs.c
index 18c3a67..5d110f3 100644
--- a/libwc/ucs.c
+++ b/libwc/ucs.c
@@ -677,9 +677,9 @@ wc_ucs_put_tag(char *p)
 	if (!strcasecmp(p, tag_map[i]))
 	    return i;
     }
-    n_tag_map++;
-    if (n_tag_map == MAX_TAG_MAP)
+    if (n_tag_map + 1 >= MAX_TAG_MAP)
 	return 0;
+    n_tag_map++;
     tag_map[n_tag_map] = p;
     return n_tag_map;
 }
@@ -687,7 +687,7 @@ wc_ucs_put_tag(char *p)
 char *
 wc_ucs_get_tag(int ntag)
 {
-    if (ntag == 0 || ntag > n_tag_map)
+    if (ntag <= 0 || ntag > n_tag_map)
 	return NULL;
     return tag_map[ntag];
 }
author	Tatsuya Kinoshita <tats@debian.org>	2021-03-11 10:34:53 +0000
committer	Tatsuya Kinoshita <tats@debian.org>	2021-03-11 10:34:53 +0000
commit	2341cef6e98166977ee4f89cf1c3992a68cb3b4a (patch)
tree	f88557a635dc9c7f14a96de55a528e4f4f85cc1b /libwc/ucs.c
parent	Update ChangeLog (diff)
download	w3m-2341cef6e98166977ee4f89cf1c3992a68cb3b4a.tar.gz w3m-2341cef6e98166977ee4f89cf1c3992a68cb3b4a.zip