From 6eea841d3a0f8dc539584dc67b15f585a8213775 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Thu, 15 Dec 2016 23:10:38 +0900
Subject: Prevent overflow beyond the end of string in caller of get_mclen()

Bug-Debian: https://github.com/tats/w3m/issues/59
Bug-Debian: https://github.com/tats/w3m/issues/73
Bug-Debian: https://github.com/tats/w3m/issues/74
Bug-Debian: https://github.com/tats/w3m/issues/76
Bug-Debian: https://github.com/tats/w3m/issues/79
Bug-Debian: https://github.com/tats/w3m/issues/80
Bug-Debian: https://github.com/tats/w3m/issues/83
Bug-Debian: https://github.com/tats/w3m/issues/84
---
 file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'file.c')

diff --git a/file.c b/file.c
index c618ad7..91fcfad 100644
--- a/file.c
+++ b/file.c
@@ -3455,7 +3455,7 @@ process_img(struct parsed_tag *tag, int width)
 	if (use_image) {
 	    if (n > nw) {
 		char *r;
-		for (r = q, n = 0; r; r += get_mclen(r), n += get_mcwidth(r)) {
+		for (r = q, n = 0; *r; r += get_mclen(r), n += get_mcwidth(r)) {
 		    if (n + get_mcwidth(r) > nw)
 			break;
 		}
-- 
cgit v1.2.3