From 047640e060b257db92355847ae575c97b350584e Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Thu, 15 Dec 2016 23:10:38 +0900
Subject: Prevent overflow beyond the end of string in caller of get_mclen()

Bug-Debian: https://github.com/tats/w3m/issues/59
Bug-Debian: https://github.com/tats/w3m/issues/73
Bug-Debian: https://github.com/tats/w3m/issues/74
Bug-Debian: https://github.com/tats/w3m/issues/75
Bug-Debian: https://github.com/tats/w3m/issues/76
Bug-Debian: https://github.com/tats/w3m/issues/78
Bug-Debian: https://github.com/tats/w3m/issues/79
Bug-Debian: https://github.com/tats/w3m/issues/80
Bug-Debian: https://github.com/tats/w3m/issues/83
Bug-Debian: https://github.com/tats/w3m/issues/84
Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=6eea841d3a0f8dc539584dc67b15f585a8213775
---
 file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'file.c')

diff --git a/file.c b/file.c
index f5ca8d2..4fe8239 100644
--- a/file.c
+++ b/file.c
@@ -3438,7 +3438,7 @@ process_img(struct parsed_tag *tag, int width)
 	if (use_image) {
 	    if (n > nw) {
 		char *r;
-		for (r = q, n = 0; r; r += get_mclen(r), n += get_mcwidth(r)) {
+		for (r = q, n = 0; *r; r += get_mclen(r), n += get_mcwidth(r)) {
 		    if (n + get_mcwidth(r) > nw)
 			break;
 		}
-- 
cgit v1.2.3