aboutsummaryrefslogtreecommitdiffstats
path: root/debian/patches/956_CVE-2018-6197_columnpos.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/956_CVE-2018-6197_columnpos.patch')
-rw-r--r--debian/patches/956_CVE-2018-6197_columnpos.patch18
1 files changed, 18 insertions, 0 deletions
diff --git a/debian/patches/956_CVE-2018-6197_columnpos.patch b/debian/patches/956_CVE-2018-6197_columnpos.patch
new file mode 100644
index 0000000..10e94e3
--- /dev/null
+++ b/debian/patches/956_CVE-2018-6197_columnpos.patch
@@ -0,0 +1,18 @@
+Subject: Prevent invalid columnPos() call in formUpdateBuffer()
+From: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/89 [CVE-2018-6197]
+Origin: https://salsa.debian.org/debian/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
+
+Index: w3m-0.5.3/form.c
+===================================================================
+--- w3m-0.5.3.orig/form.c 2020-04-29 13:52:58.629142811 +0200
++++ w3m-0.5.3/form.c 2020-04-29 13:52:58.621142209 +0200
+@@ -483,6 +483,8 @@
+ rows = form->rows ? form->rows : 1;
+ col = COLPOS(l, a->start.pos);
+ for (c_rows = 0; c_rows < rows; c_rows++, l = l->next) {
++ if (l == NULL)
++ break;
+ if (rows > 1) {
+ pos = columnPos(l, col);
+ a = retrieveAnchor(buf->formitem, l->linenumber, pos);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 16:00:21 +0000