From 906a35a0c31454d15c7c3924e6438156cbe034f1 Mon Sep 17 00:00:00 2001 From: Tatsuya Kinoshita Date: Tue, 22 Nov 2016 00:17:57 +0900 Subject: New patch 930_tbl-mode.patch to fix null deref --- debian/patches/930_tbl-mode.patch | 33 +++++++++++++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 34 insertions(+) create mode 100644 debian/patches/930_tbl-mode.patch diff --git a/debian/patches/930_tbl-mode.patch b/debian/patches/930_tbl-mode.patch new file mode 100644 index 0000000..ad591b8 --- /dev/null +++ b/debian/patches/930_tbl-mode.patch @@ -0,0 +1,33 @@ +Subject: Prevent deref null pointer in HTMLlineproc0() +Author: Tatsuya Kinoshita +Bug-Debian: https://github.com/tats/w3m/issues/42 +Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ecfdcbe1131591502c5e7f9ff4f34b24c5a2db97 + +diff --git a/file.c b/file.c +index 834071d..660b10e 100644 +--- a/file.c ++++ b/file.c +@@ -6302,10 +6302,10 @@ HTMLlineproc0(char *line, struct html_feed_environ *h_env, int internal) + while (*line != '\0') { + char *str, *p; + int is_tag = FALSE; +- int pre_mode = (obuf->table_level >= 0) ? tbl_mode->pre_mode : +- obuf->flag; +- int end_tag = (obuf->table_level >= 0) ? tbl_mode->end_tag : +- obuf->end_tag; ++ int pre_mode = (obuf->table_level >= 0 && tbl_mode) ? ++ tbl_mode->pre_mode : obuf->flag; ++ int end_tag = (obuf->table_level >= 0 && tbl_mode) ? ++ tbl_mode->end_tag : obuf->end_tag; + + if (*line == '<' || obuf->status != R_ST_NORMAL) { + /* +@@ -6387,7 +6387,7 @@ HTMLlineproc0(char *line, struct html_feed_environ *h_env, int internal) + } + + proc_normal: +- if (obuf->table_level >= 0) { ++ if (obuf->table_level >= 0 && tbl && tbl_mode) { + /* + * within table: in ..
, all input tokens + * are fed to the table renderer, and then the renderer diff --git a/debian/patches/series b/debian/patches/series index 77f5ec7..3db0170 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -65,3 +65,4 @@ 927_symbol.patch 928_form-id.patch 929_anchor.patch +930_tbl-mode.patch -- cgit v1.2.3