From a56a8ef132945512c010cbcbc873dbb42274f9bd Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Thu, 8 Dec 2016 01:00:42 +0900
Subject: Prevent overflow beyond the end of string in wtf_strwidth()

Bug-Debian: https://github.com/tats/w3m/issues/57
---
 libwc/wtf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'libwc')

diff --git a/libwc/wtf.c b/libwc/wtf.c
index b8cfdc7..83839d7 100644
--- a/libwc/wtf.c
+++ b/libwc/wtf.c
@@ -120,8 +120,9 @@ int
 wtf_strwidth(wc_uchar *p)
 {
     int w = 0;
+    wc_uchar *q = p + strlen(p);
 
-    while (*p) {
+    while (p < q) {
 	w += wtf_width(p);
 	p += WTF_LEN_MAP[*p];
     }
-- 
cgit v1.2.3