From 2a470ab78ab859e934b577dd80bf0079314ffaef Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita
Date: Mon, 21 Nov 2016 23:35:54 +0900
Subject: New patch 915_table-alt.patch to fix near-null deref [CVE-2016-9441]
---
debian/patches/915_table-alt.patch | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 debian/patches/915_table-alt.patch
(limited to 'debian/patches/915_table-alt.patch')
diff --git a/debian/patches/915_table-alt.patch b/debian/patches/915_table-alt.patch
new file mode 100644
index 0000000..3d1eee2
--- /dev/null
+++ b/debian/patches/915_table-alt.patch
@@ -0,0 +1,18 @@
+Subject: Prevent segfault with malformed table_alt
+Author: Tatsuya Kinoshita
+Bug-Debian: https://github.com/tats/w3m/issues/24 [CVE-2016-9441]
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=a6257663824c63abb3c62c4dd62455fe6f63d958
+
+diff --git a/table.c b/table.c
+index a54ea01..022effe 100644
+--- a/table.c
++++ b/table.c
+@@ -761,7 +761,7 @@ do_refill(struct table *tbl, int row, int col, int maxlimit)
+ struct parsed_tag *tag;
+ if ((tag = parse_tag(&p, TRUE)) != NULL)
+ parsedtag_get_value(tag, ATTR_TID, &id);
+- if (id >= 0 && id < tbl->ntable) {
++ if (id >= 0 && id < tbl->ntable && tbl->tables[id].ptr) {
+ int alignment;
+ TextLineListItem *ti;
+ struct table *t = tbl->tables[id].ptr;
-- cgit v1.2.3
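Review bot: The widened condition in do_refill carries no comment explaining why an in-range `id` can still name a slot whose `ptr` is null, so the new guard is easy to lose in a later cleanup, given that `t` is loaded from the same slot three lines below. I would add `/* tid is parsed from the tag: the slot may be in range but hold no table */` directly above the `if`. `id` is written only when parse_tag() returns a tag, so the range test depends on an initial value set outside this hunk; presumably it starts negative, but that is worth confirming. What happens to a tag that fails the check is also not visible here, since do_refill's body starts before and continues past the hunk.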