diff options
author | Tatsuya Kinoshita <tats@debian.org> | 2016-08-24 10:05:23 +0000 |
---|---|---|
committer | Tatsuya Kinoshita <tats@debian.org> | 2016-11-19 05:13:33 +0000 |
commit | 058c830fb05a864ffeb90f553573b0b5eec2b4d8 (patch) | |
tree | f1f80e7c51d498daffb813191717de530649f26b /table.c | |
parent | Fix uninitialised values for <i> and <dd> (diff) | |
download | w3m-058c830fb05a864ffeb90f553573b0b5eec2b4d8.tar.gz w3m-058c830fb05a864ffeb90f553573b0b5eec2b4d8.zip |
Truncate max_width for renderTable
Bug-Debian: https://github.com/tats/w3m/issues/25 [CVE-2016-9426]
Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=b910f0966d9efea93ea8cef491000a83ffb49c5e
Diffstat (limited to 'table.c')
-rw-r--r-- | table.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -1724,6 +1724,10 @@ renderTable(struct table *t, int max_width, struct html_feed_environ *h_env) if (max_width < rulewidth) max_width = rulewidth; +#define MAX_TABWIDTH 10000 + if (max_width > MAX_TABWIDTH) + max_width = MAX_TABWIDTH; + check_maximum_width(t); #ifdef MATRIX |