From d345c0950dfdef065b7377ecad0e4bc1d2601bf8 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Wed, 7 Dec 2016 20:41:29 +0900
Subject: Prevent overflow beyond the end of string in wtf_strwidth()

Bug-Debian: https://github.com/tats/w3m/issues/57
---
 libwc/wtf.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libwc/wtf.c b/libwc/wtf.c
index b8cfdc7..69a8271 100644
--- a/libwc/wtf.c
+++ b/libwc/wtf.c
@@ -120,10 +120,14 @@ int
 wtf_strwidth(wc_uchar *p)
 {
     int w = 0;
+    size_t len;
 
     while (*p) {
 	w += wtf_width(p);
-	p += WTF_LEN_MAP[*p];
+	len = WTF_LEN_MAP[*p];
+	if (len > strlen(p))
+	    len = strlen(p);
+	p += len;
     }
     return w;
 }
-- 
cgit v1.2.3