-rw-r--r--debian/patches/911_rowcolspan.patch26
-rw-r--r--debian/patches/series1
2 files changed, 27 insertions, 0 deletions
diff --git a/debian/patches/911_rowcolspan.patch b/debian/patches/911_rowcolspan.patch
new file mode 100644
index 0000000..a6943bd
--- /dev/null
+++ b/debian/patches/911_rowcolspan.patch
@@ -0,0 +1,26 @@
+Subject: Fix table rowspan and colspan
+Author: Kuang-che Wu <kcwu@google.com>
+Origin: https://github.com/tats/w3m/pull/19
+Bug-Debian: https://github.com/tats/w3m/issues/8 [CVE-2016-9422]
+
+diff --git a/table.c b/table.c
+index d376284..deeab0a 100644
+--- a/table.c
++++ b/table.c
+@@ -2600,12 +2600,16 @@ feed_table_tag(struct table *tbl, char *line, struct table_mode *mode,
+ if ((tbl->row + rowspan) >= tbl->max_rowsize)
+ check_row(tbl, tbl->row + rowspan);
+ }
++ if (rowspan < 1)
++ rowspan = 1;
+ if (parsedtag_get_value(tag, ATTR_COLSPAN, &colspan)) {
+ if ((tbl->col + colspan) >= MAXCOL) {
+ /* Can't expand column */
+ colspan = MAXCOL - tbl->col;
+ }
+ }
++ if (colspan < 1)
++ colspan = 1;
+ if (parsedtag_get_value(tag, ATTR_ALIGN, &i)) {
+ switch (i) {
+ case ALIGN_LEFT:
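Review bot: The two added clamps run after the bounds arithmetic instead of before it, so in the rowspan branch (which opens above the hunk) a zero or negative value has already been used in `tbl->row + rowspan` and handed to `check_row()` by the time `if (rowspan < 1)` corrects it. The colspan branch has the same ordering, and `tbl->col + colspan` is computed on the unclamped attribute value; if these are plain `int`s (the declarations are outside the hunk), a very large value could overflow the signed addition and bypass the `MAXCOL` cap. I would clamp first and compare without adding, e.g. `if (colspan < 1) colspan = 1;` followed by `if (colspan > MAXCOL - tbl->col) colspan = MAXCOL - tbl->col;`, and do the equivalent for rowspan ahead of the `check_row()` call. Also note that when `tbl->col` has already reached `MAXCOL` the cap yields 0 and the new clamp raises it back to 1, so the code that consumes `colspan` later in `feed_table_tag` (outside the hunk) still needs its own bound.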
diff --git a/debian/patches/series b/debian/patches/series
index 02b2580..4adc8e3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -46,3 +46,4 @@
908_forms.patch
909_button-type.patch
910_input-alt.patch
+911_rowcolspan.patch