From ae14acf2afde241f973f6f9259ef826136f2630a Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Thu, 24 Nov 2016 19:28:13 +0900
Subject: New patch 933_table-level.patch to fix out of memory [CVE-2016-9633]

---
 debian/patches/933_table-level.patch | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 debian/patches/933_table-level.patch

(limited to 'debian/patches/933_table-level.patch')

diff --git a/debian/patches/933_table-level.patch b/debian/patches/933_table-level.patch
new file mode 100644
index 0000000..f541eba
--- /dev/null
+++ b/debian/patches/933_table-level.patch
@@ -0,0 +1,22 @@
+Subject: Prevent memory exhausted due to repeat appending "</table>"
+Author: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/23 [CVE-2016-9633]
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=216722ed7282cec4338b177ea9ffdd39ad1b8c8c
+
+diff --git a/file.c b/file.c
+index 660b10e..e82eaf1 100644
+--- a/file.c
++++ b/file.c
+@@ -6988,9 +6988,12 @@ completeHTMLstream(struct html_feed_environ *h_env, struct readbuffer *obuf)
+ 	obuf->table_level = MAX_TABLE - 1;
+ 
+     while (obuf->table_level >= 0) {
++	int tmp = obuf->table_level;
+ 	table_mode[obuf->table_level].pre_mode
+ 	    &= ~(TBLM_SCRIPT | TBLM_STYLE | TBLM_PLAIN);
+ 	HTMLlineproc1("</table>", h_env);
++	if (obuf->table_level >= tmp)
++	    break;
+     }
+ }
+ 
-- 
cgit v1.2.3