From f763b8ebf5441cb44d2c0234565fadd5eb1c87a5 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Sat, 10 Dec 2016 17:32:49 +0900
Subject: Prevent overflow beyond the end of string in visible_length_plain()

Bug-Debian: https://github.com/tats/w3m/issues/76
---
 table.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/table.c b/table.c
index e996570..5c41c89 100644
--- a/table.c
+++ b/table.c
@@ -510,8 +510,9 @@ int
 visible_length_plain(char *str)
 {
     int len = 0, max_len = 0;
+    char *strz = str + strlen(str);
 
-    while (*str) {
+    while (str < strz) {
 	if (*str == '\t') {
 	    do {
 		len++;
-- 
cgit v1.2.3