From 9c50804d4570f77e2c5891c9b51a08e1832ae852 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Tue, 22 Nov 2016 00:05:33 +0900
Subject: New patch 924_curline.patch to fix near-null deref

---
 debian/patches/924_curline.patch | 19 +++++++++++++++++++
 debian/patches/series            |  1 +
 2 files changed, 20 insertions(+)
 create mode 100644 debian/patches/924_curline.patch

(limited to 'debian')

diff --git a/debian/patches/924_curline.patch b/debian/patches/924_curline.patch
new file mode 100644
index 0000000..361813b
--- /dev/null
+++ b/debian/patches/924_curline.patch
@@ -0,0 +1,19 @@
+Subject: Prevent dereference near-null pointer in formUpdateBuffer
+Author: Tatsuya Kinoshita <tats@debian.org>
+Bug-Debian: https://github.com/tats/w3m/issues/35
+Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=e2c7ecec6f9b730ad3c9bf8c8df9212970f183d7
+
+diff --git a/form.c b/form.c
+index de7a4d9..1aaaf19 100644
+--- a/form.c
++++ b/form.c
+@@ -442,7 +442,8 @@ formUpdateBuffer(Anchor *a, Buffer *buf, FormItemList *form)
+     switch (form->type) {
+     case FORM_INPUT_CHECKBOX:
+     case FORM_INPUT_RADIO:
+-	if (spos >= buf->currentLine->len || spos < 0)
++	if (buf->currentLine == NULL ||
++	    spos >= buf->currentLine->len || spos < 0)
+ 	    break;
+ 	if (form->checked)
+ 	    buf->currentLine->lineBuf[spos] = '*';
diff --git a/debian/patches/series b/debian/patches/series
index 5750bcd..b122606 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -59,3 +59,4 @@
 921_cotable.patch
 922_lineproc.patch
 923_tagproc.patch
+924_curline.patch
-- 
cgit v1.2.3