From 6eea841d3a0f8dc539584dc67b15f585a8213775 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Thu, 15 Dec 2016 23:10:38 +0900
Subject: Prevent overflow beyond the end of string in caller of get_mclen()

Bug-Debian: https://github.com/tats/w3m/issues/59
Bug-Debian: https://github.com/tats/w3m/issues/73
Bug-Debian: https://github.com/tats/w3m/issues/74
Bug-Debian: https://github.com/tats/w3m/issues/76
Bug-Debian: https://github.com/tats/w3m/issues/79
Bug-Debian: https://github.com/tats/w3m/issues/80
Bug-Debian: https://github.com/tats/w3m/issues/83
Bug-Debian: https://github.com/tats/w3m/issues/84
---
 libwc/wtf.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'libwc/wtf.c')

diff --git a/libwc/wtf.c b/libwc/wtf.c
index 7d450a1..5ec25af 100644
--- a/libwc/wtf.c
+++ b/libwc/wtf.c
@@ -129,13 +129,18 @@ wtf_strwidth(wc_uchar *p)
     return w;
 }
 
-/*
 size_t
 wtf_len1(wc_uchar *p)
 {
-    return (size_t)WTF_LEN_MAP[*p];
+    size_t len, len_max = WTF_LEN_MAP[*p];
+
+    for (len = 0; *(p + len); len++)
+	if (len == len_max)
+	    break;
+    if (len == 0)
+	len = 1;
+    return len;
 }
-*/
 
 size_t
 wtf_len(wc_uchar *p)
-- 
cgit v1.2.3