From 4381dffaa3fdf94c384f3588b5c7dff3ba1cc4ae Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita
Date: Sat, 10 Dec 2016 17:41:01 +0900
Subject: Prevent heap-buffer-overflow in Strnew_size()

Bug-Debian: https://github.com/tats/w3m/issues/72
---
 Str.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'Str.c')
diff --git a/Str.c b/Str.c
index d34129f..61fe3ca 100644
--- a/Str.c
+++ b/Str.c
@@ -48,6 +48,8 @@ Str
 Strnew_size(int n)
 {
 Str x = GC_MALLOC(sizeof(struct _Str));
+ if (n < 0)
+ n = 0;
 x->ptr = GC_MALLOC_ATOMIC(n + 1);
 x->ptr[0] = '\0';
 x->area_size = n + 1;
-- cgit v1.2.3
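Review bot: The added clamp guards only the lower bound, so `n + 1` in the `GC_MALLOC_ATOMIC(n + 1)` and `x->area_size = n + 1` lines below it still overflows (signed, undefined behaviour) when n is INT_MAX. Extending the guard to `if (n < 0 || n == INT_MAX)` would close that in the same style as the commit; INT_MAX needs `<limits.h>`, and the file's includes are not visible in this hunk. Silently turning a negative size into an empty string also hides the caller's mistake: a negative n presumably comes from a length computation that wrapped, and a caller that then copies its original length into the returned buffer would still write past it, so the call sites (outside this hunk) are worth auditing. A short comment such as `/* negative n: caller's length arithmetic overflowed; fall back to an empty Str */` would record why the clamp exists. The results of both GC allocations are dereferenced unchecked, and the body of Strnew_size continues past the end of the hunk.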