aboutsummaryrefslogtreecommitdiffstats
path: root/debian/patches/955_CVE-2018-6196_tbl-indent.patch
blob: 279d2dd75d0470886570e8b37bc07d0fb61c6866 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

Subject: Prevent negative indent value in feed_table_block_tag()
From: Tatsuya Kinoshita <tats@debian.org>
Bug-Debian: https://github.com/tats/w3m/issues/88 [CVE-2018-6196]
Origin: https://salsa.debian.org/debian/w3m/commit/8354763b90490d4105695df52674d0fcef823e92

Index: w3m-0.5.3/table.c
===================================================================
--- w3m-0.5.3.orig/table.c	2020-04-29 13:52:52.596689311 +0200
+++ w3m-0.5.3/table.c	2020-04-29 13:52:52.592689010 +0200
@@ -2357,10 +2357,14 @@
 	if (mode->indent_level < MAX_INDENT_LEVEL)
 	    tbl->indent -= INDENT_INCR;
     }
+    if (tbl->indent < 0)
+	tbl->indent = 0;
     offset = tbl->indent;
     if (cmd == HTML_DT) {
 	if (mode->indent_level > 0 && mode->indent_level <= MAX_INDENT_LEVEL)
 	    offset -= INDENT_INCR;
+	if (offset < 0)
+	    offset = 0;
     }
     if (tbl->indent > 0) {
 	check_minimum0(tbl, 0);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 16:42:08 +0000