aboutsummaryrefslogtreecommitdiffstats
path: root/debian/patches/955_CVE-2018-6196_tbl-indent.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/955_CVE-2018-6196_tbl-indent.patch')
-rw-r--r--debian/patches/955_CVE-2018-6196_tbl-indent.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/debian/patches/955_CVE-2018-6196_tbl-indent.patch b/debian/patches/955_CVE-2018-6196_tbl-indent.patch
new file mode 100644
index 0000000..279d2dd
--- /dev/null
+++ b/debian/patches/955_CVE-2018-6196_tbl-indent.patch
@@ -0,0 +1,24 @@
+Subject: Prevent negative indent value in feed_table_block_tag()
+From: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/88 [CVE-2018-6196]
+Origin: https://salsa.debian.org/debian/w3m/commit/8354763b90490d4105695df52674d0fcef823e92
+
+Index: w3m-0.5.3/table.c
+===================================================================
+--- w3m-0.5.3.orig/table.c 2020-04-29 13:52:52.596689311 +0200
++++ w3m-0.5.3/table.c 2020-04-29 13:52:52.592689010 +0200
+@@ -2357,10 +2357,14 @@
+ if (mode->indent_level < MAX_INDENT_LEVEL)
+ tbl->indent -= INDENT_INCR;
+ }
++ if (tbl->indent < 0)
++ tbl->indent = 0;
+ offset = tbl->indent;
+ if (cmd == HTML_DT) {
+ if (mode->indent_level > 0 && mode->indent_level <= MAX_INDENT_LEVEL)
+ offset -= INDENT_INCR;
++ if (offset < 0)
++ offset = 0;
+ }
+ if (tbl->indent > 0) {
+ check_minimum0(tbl, 0);