From ffc052b4dfddbb57ae69cfdba254afb8be46eb87 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Sat, 20 Aug 2016 07:12:41 +0900
Subject: Fix uninitialised values for <i> and <dd>

Bug-Debian: https://github.com/tats/w3m/issues/16
[CVE-2016-9435] [CVE-2016-9436]
Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
---
 file.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'file.c')

diff --git a/file.c b/file.c
index 68d625c..ac5247f 100644
--- a/file.c
+++ b/file.c
@@ -4669,6 +4669,12 @@ HTMLtagproc1(struct parsed_tag *tag, struct html_feed_environ *h_env)
     case HTML_DD:
 	CLOSE_A;
 	CLOSE_DT;
+	if (h_env->envc == 0 ||
+	    (h_env->envc_real < h_env->nenv &&
+	     envs[h_env->envc].env != HTML_DL &&
+	     envs[h_env->envc].env != HTML_DL_COMPACT)) {
+	    PUSH_ENV(HTML_DL);
+	}
 	if (envs[h_env->envc].env == HTML_DL_COMPACT) {
 	    if (obuf->pos > envs[h_env->envc].indent)
 		flushline(h_env, obuf, envs[h_env->envc].indent, 0,
-- 
cgit v1.2.3