aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Prevent overflow beyond the end of string in wtf_parse1()v0.5.3+debian-19+deb8u2Tatsuya Kinoshita2017-01-061-12/+32
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/68 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=00433f4ac2645ac6236ea1892b4a93f26a039a84
* Preserve one byte for end of string character in form_update_line()Tatsuya Kinoshita2017-01-061-1/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/68#issuecomment-266214643 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=eb4130a7cd2202de6aeb772b7e4f2a417dbff173
* Prevent invalid form_update_line() call in formUpdateBuffer()Tatsuya Kinoshita2017-01-061-1/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/82 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=dc32152dc051923e322fc251aaa2dbd5e54c0fbf
* Prevent heap-use-after-free read in HTMLlineproc0()Tatsuya Kinoshita2017-01-061-1/+1
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/81 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=aa2077e06fc11f65ba1773e8f5da83d98057e829
* Prevent infinite loop in feed_textarea()Tatsuya Kinoshita2017-01-061-1/+3
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/85 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=7a2675b4a5680d44645e72c4ec1258746a6e1b66
* Prevent overflow beyond the end of string for wtf to wcs macrosTatsuya Kinoshita2017-01-061-2/+4
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/77 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=c3a3305e0334f76626aeaca76bcfab04a94f851d
* Prevent overflow beyond the end of string in caller of get_mclen()Tatsuya Kinoshita2017-01-063-6/+10
| | | | | | | | | | | | | | Bug-Debian: https://github.com/tats/w3m/issues/59 Bug-Debian: https://github.com/tats/w3m/issues/73 Bug-Debian: https://github.com/tats/w3m/issues/74 Bug-Debian: https://github.com/tats/w3m/issues/75 Bug-Debian: https://github.com/tats/w3m/issues/76 Bug-Debian: https://github.com/tats/w3m/issues/78 Bug-Debian: https://github.com/tats/w3m/issues/79 Bug-Debian: https://github.com/tats/w3m/issues/80 Bug-Debian: https://github.com/tats/w3m/issues/83 Bug-Debian: https://github.com/tats/w3m/issues/84 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=6eea841d3a0f8dc539584dc67b15f585a8213775
* Prevent negative array index for realColumn in calcPosition()Tatsuya Kinoshita2017-01-061-1/+1
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/69 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=1978455e2ed01699789e8374d29515b74b867b2b
* Prevent heap-buffer-overflow in Strnew_size()Tatsuya Kinoshita2017-01-061-0/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/72 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae
* Prevent overflow beyond the end of string in wtf_strwidth() and wtf_len()Tatsuya Kinoshita2017-01-061-2/+4
| | | | | | Bug-Debian: https://github.com/tats/w3m/issues/57 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=7fbaf9444fcd2d3ce061775949b38deb4d489943 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=a56a8ef132945512c010cbcbc873dbb42274f9bd
* Prevent heap-use-after-free in HTMLlineproc0()Tatsuya Kinoshita2017-01-061-1/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/65 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=26484fc1381e5ec758db950f2bd17f1496220c92
* Prevent negative values for offset and pos in push_link()Tatsuya Kinoshita2017-01-061-2/+6
| | | | | | Bug-Debian: https://github.com/tats/w3m/issues/64 Bug-Debian: https://github.com/tats/w3m/issues/66 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ecf57714191b77142da74035b748262cdc80dfb7
* Prevent array index out of bounds for tridvalue in feed_table_tag()Tatsuya Kinoshita2017-01-061-1/+3
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/71 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=30b0c971676e229dabd2715c200f76bcfe27a714
* Prevent negative array index in set_integered_width()Tatsuya Kinoshita2017-01-061-2/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/70 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=a3ed914b0cfc3750e0eb57bb21e2ec6f86ca94f0
* Prevent array index out of bounds for tabattr in feed_table_tag()Tatsuya Kinoshita2017-01-061-1/+1
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/60 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=a6ddc331e90698fa57732bd55f2e8407f3f32f7a
* Prevent negative array index in process_textarea()Tatsuya Kinoshita2017-01-061-1/+1
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/58 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=d7f55d5959c3e06e9f110f13def7ae9015882e1e
* Prevent negative array index for marks in HTMLlineproc2body()Tatsuya Kinoshita2017-01-061-1/+1
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/61 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=f34c37f3156d1578a53dccc582c83c88fff76f87
* Prevent negative value of row for pushTable() in HTMLlineproc0()Tatsuya Kinoshita2017-01-061-0/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/67 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=0e66622582db13c4ffeba38067e15efd2d68cd75
* Prevent negative array index in getMetaRefreshParam()Tatsuya Kinoshita2017-01-061-2/+3
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/63 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=6c6a2cbced21ceec2fac08fba1ad271a77f9dbc2
* Prevent negative array index for marks in shiftAnchorPosition()Tatsuya Kinoshita2017-01-061-1/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/62 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=d57c13282afc6b7dca029f992331b7afa0413356
* Fix menu buffer-overflowKuang-che Wu2017-01-061-1/+1
| | | | | Bug-Debian: https://github.com/tats/w3m/pull/49 Origin: https://github.com/tats/w3m/pull/49/commits/7e1c05dd90cf42a308e854881ea3813aed000d2e
* Prevent memory exhausted due to repeat appending "</table>"v0.5.3+debian-19+deb8u1Tatsuya Kinoshita2016-11-241-0/+3
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/23 [CVE-2016-9633] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=216722ed7282cec4338b177ea9ffdd39ad1b8c8c
* Prevent global-buffer-overflow in wc_any_to_ucs()Tatsuya Kinoshita2016-11-192-0/+44
| | | | | | Bug-Debian: https://github.com/tats/w3m/issues/43 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=716bc126638393c733399d11d3228edb82877faa Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=88110c2658ad9badd292430c75ebb0444c3312eb
* Prevent global-buffer-overflow in parseURL()Tatsuya Kinoshita2016-11-191-1/+4
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/41 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ba9d78faeba9024c3e8840579c3b0e959ae2cb0f
* Prevent deref null pointer in HTMLlineproc0()Tatsuya Kinoshita2016-11-191-5/+5
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/42 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ecfdcbe1131591502c5e7f9ff4f34b24c5a2db97
* Prevent deref null pointer in shiftAnchorPosition()Tatsuya Kinoshita2016-11-191-1/+1
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/40 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=a088e0263c48ba406a7ae0932a1ae64a25be7acd
* Prevent null pointer deref due to bad form idTatsuya Kinoshita2016-11-191-1/+4
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/39 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=9db438094e5f0d84842bcbd248f282594ccb3c89
* Prevent array index out of bounds for symbolTatsuya Kinoshita2016-11-194-7/+8
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/38 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=0c3f5d0e0d9269ad47b8f4b061d7818993913189
* Check indent_level to prevent infinite recursionTatsuya Kinoshita2016-11-191-0/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/37 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=e458def067859615ce4bc7170733d368f49d63c2
* Prevent infinite recursion in HTMLlineproc0Tatsuya Kinoshita2016-11-191-8/+8
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/36 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ff8510ab954ac5db478964351f6a78891c34f1d8
* Prevent dereference near-null pointer in formUpdateBufferTatsuya Kinoshita2016-11-191-1/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/35 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=e2c7ecec6f9b730ad3c9bf8c8df9212970f183d7
* Prevent crash after allocate string of negative sizeTatsuya Kinoshita2016-11-191-0/+6
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/33 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=af592aa5f154f1b0366513ddc2f545032a7b8721
* Prevent null pointer dereference in HTMLlineproc2bodyTatsuya Kinoshita2016-11-191-2/+2
| | | | | | Bug-Debian: https://github.com/tats/w3m/issues/32 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=c6c39973e7d336854e9a2d43119d1220b36e2035 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=a59a35211c63f12951b6266646081b08488b10ea
* Prevent deref null pointer in renderCoTable()Tatsuya Kinoshita2016-11-191-0/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/20#issuecomment-260649537 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ec99f186380d26ebf791569fdbc56dae60632365
* Prevent infinite recursion with nested table and textareaTatsuya Kinoshita2016-11-193-0/+15
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/20 [CVE-2016-9439] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=2a4a2fb9f116b50e7c80d573db06c0fdc6c69272
* Prevent global-buffer-overflow write in formUpdateBufferTatsuya Kinoshita2016-11-191-1/+3
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/29 [CVE-2016-9429] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=d01de738f599441740437c6600dd5b1ae7155d27
* Fix null pointer dereference in formUpdateBufferTatsuya Kinoshita2016-11-191-0/+4
| | | | | | Bug-Debian: https://github.com/tats/w3m/issues/28 [CVE-2016-9443] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ec9eb22e008a69ea9dc21fdca4b9b836679965ee Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=22d29c3d11bdfec80164789a99c36cc674340914
* Fix potential heap buffer corruption due to StrgrowKuang-che Wu2016-11-191-2/+2
| | | | | | | | | If Str.length = 5 and area_size = 6, the result of Strgrow is still area_size = 6. For such case, Strcat_char and Strinsert_char will overflow one byte. Bug-Debian: https://github.com/tats/w3m/pull/27 [CVE-2016-9442] Origin: https://github.com/tats/w3m/pull/27/commits/c95a43dc92695464be11c8a51811aaa9761546e6
* Prevent segfault due to buffer overflows in addMultirowsFormTatsuya Kinoshita2016-11-191-0/+2
| | | | | | Bug-Debian: https://github.com/tats/w3m/issues/21 [CVE-2016-9425] Bug-Debian: https://github.com/tats/w3m/issues/26 [CVE-2016-9428] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=4e464819dd360ffd3d58fa2a89216fe413cfcc74
* Prevent segfault with malformed table_altTatsuya Kinoshita2016-11-191-1/+1
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/24 [CVE-2016-9441] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=a6257663824c63abb3c62c4dd62455fe6f63d958
* Prevent segfault for formUpdateBufferTatsuya Kinoshita2016-11-191-0/+2
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/22 [CVE-2016-9440] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=4a8d16fc8d08206dd7142435054ee38ff41805b7
* Truncate max_width for renderTableTatsuya Kinoshita2016-11-191-0/+4
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/25 [CVE-2016-9426] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=b910f0966d9efea93ea8cef491000a83ffb49c5e
* Fix uninitialised values for <i> and <dd>Tatsuya Kinoshita2016-11-192-0/+7
| | | | | | Bug-Debian: https://github.com/tats/w3m/issues/16 [CVE-2016-9435] [CVE-2016-9436] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
* Fix table rowspan and colspanKuang-che Wu2016-11-191-0/+4
| | | | | Origin: https://github.com/tats/w3m/pull/19 Bug-Debian: https://github.com/tats/w3m/issues/8 [CVE-2016-9422]
* Prevent segfault with malformed input_altTatsuya Kinoshita2016-11-191-3/+3
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/18 [CVE-2016-9438] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=010b68580dc50ce183df11cc79721936ab5c4f25
* Prevent segfault with incorrect button typeTatsuya Kinoshita2016-11-191-0/+11
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/17 [CVE-2016-9437] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=67be73b03a5ad581e331ec97cb275cd8a52719ed
* Prevent segfault with incorrect form_int fidTatsuya Kinoshita2016-11-191-2/+3
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/15 [CVE-2016-9434] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=3d4eeda9ec0cb91e23bab7dc260d4c515119eb4b
* Prevent segfault when iso2022 parsingTatsuya Kinoshita2016-11-191-7/+14
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/14 [CVE-2016-9433] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=9cf6926c5d947371dc9e44f32bc7a2fbfca5d469
* Prevent segfault for formUpdateBufferTatsuya Kinoshita2016-11-191-2/+2
| | | | | | Bug-Debian: https://github.com/tats/w3m/issues/13 [CVE-2016-9432] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=807e8b7fbffca6dcaf5db40e35f05d05c5cf02d3 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=7b88478227978a8d673b4dd0e05eee410cc33330
* Prevent negative array index for selectnumber and textareanumberTatsuya Kinoshita2016-11-192-6/+10
| | | | | Bug-Debian: https://github.com/tats/w3m/issues/12 [CVE-2016-9424] Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=a25fd09f74fb83499396935a96d63bb7cb8e2c58
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 21:34:55 +0000