From 7fbaf9444fcd2d3ce061775949b38deb4d489943 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Sat, 10 Dec 2016 22:54:00 +0900
Subject: Prevent overflow beyond the end of string in wtf_len()

cf. https://github.com/tats/w3m/issues/57
---
 libwc/wtf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'libwc')

diff --git a/libwc/wtf.c b/libwc/wtf.c
index 9a9a15c..7d450a1 100644
--- a/libwc/wtf.c
+++ b/libwc/wtf.c
@@ -141,9 +141,10 @@ size_t
 wtf_len(wc_uchar *p)
 {
     wc_uchar *q = p;
+    wc_uchar *strz = p + strlen(p);
 
     q += WTF_LEN_MAP[*q];
-    while (*q && ! WTF_WIDTH_MAP[*q])
+    while (q < strz && ! WTF_WIDTH_MAP[*q])
 	q += WTF_LEN_MAP[*q];
     return q - p;
 }
-- 
cgit v1.2.3