Prevent integer overflow due to fontstat

Tatsuya Kinoshita
2021-04-11 08:18:36 +09:00
parent 38c043f50f
commit 56ce2a2cc8
2 changed files with 15 additions and 7 deletions

7
file.c

@@ -3196,6 +3196,7 @@ save_fonteffect(struct html_feed_environ *h_env, struct readbuffer *obuf)
if (obuf->fontstat_sp < FONT_STACK_SIZE)
bcopy(obuf->fontstat, obuf->fontstat_stack[obuf->fontstat_sp],
FONTSTAT_SIZE);
if (obuf->fontstat_sp < INT_MAX)
obuf->fontstat_sp++;
if (obuf->in_bold)
push_tag(obuf, "</b>", HTML_N_B);
@@ -4493,6 +4494,7 @@ HTMLtagproc1(struct parsed_tag *tag, struct html_feed_environ *h_env)
switch (cmd) {
case HTML_B:
if (obuf->in_bold < FONTSTAT_MAX)
obuf->in_bold++;
if (obuf->in_bold > 1)
return 1;
@@ -4507,6 +4509,7 @@ HTMLtagproc1(struct parsed_tag *tag, struct html_feed_environ *h_env)
}
return 1;
case HTML_I:
if (obuf->in_italic < FONTSTAT_MAX)
obuf->in_italic++;
if (obuf->in_italic > 1)
return 1;
@@ -4521,6 +4524,7 @@ HTMLtagproc1(struct parsed_tag *tag, struct html_feed_environ *h_env)
}
return 1;
case HTML_U:
if (obuf->in_under < FONTSTAT_MAX)
obuf->in_under++;
if (obuf->in_under > 1)
return 1;
@@ -5359,6 +5363,7 @@ HTMLtagproc1(struct parsed_tag *tag, struct html_feed_environ *h_env)
HTMLlineproc1("<U>[DEL:</U>", h_env);
break;
case DISPLAY_INS_DEL_FONTIFY:
if (obuf->in_strike < FONTSTAT_MAX)
obuf->in_strike++;
if (obuf->in_strike == 1) {
push_tag(obuf, "<s>", HTML_S);
@@ -5396,6 +5401,7 @@ HTMLtagproc1(struct parsed_tag *tag, struct html_feed_environ *h_env)
HTMLlineproc1("<U>[S:</U>", h_env);
break;
case DISPLAY_INS_DEL_FONTIFY:
if (obuf->in_strike < FONTSTAT_MAX)
obuf->in_strike++;
if (obuf->in_strike == 1) {
push_tag(obuf, "<s>", HTML_S);
@@ -5432,6 +5438,7 @@ HTMLtagproc1(struct parsed_tag *tag, struct html_feed_environ *h_env)
HTMLlineproc1("<U>[INS:</U>", h_env);
break;
case DISPLAY_INS_DEL_FONTIFY:
if (obuf->in_ins < FONTSTAT_MAX)
obuf->in_ins++;
if (obuf->in_ins == 1) {
push_tag(obuf, "<ins>", HTML_INS);
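Review bot: The `< FONTSTAT_MAX` guards in HTMLtagproc1 turn in_bold, in_italic, in_under, in_strike and in_ins into saturating counters, but nothing in these hunks says what that means for the matching close-tag handlers, which lie outside the hunks. If those handlers decrement once per closing tag, a document nested deeper than the cap would reach zero early and end the effect before the nesting really closes; that is a rendering inaccuracy rather than a memory-safety problem, but it is worth recording so the counter is not later treated as an exact depth. I would add a comment at the first guard, for example `/* saturating: nesting beyond FONTSTAT_MAX is not tracked */`. In save_fonteffect the bcopy is bounded only from above by `FONT_STACK_SIZE`, so it relies on fontstat_sp never being negative; the decrement side is not visible on this page, so please confirm it stops at zero.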

1
fm.h

@@ -583,6 +583,7 @@ typedef struct _DownloadList {
#define FONT_STACK_SIZE 5
#define FONTSTAT_SIZE 7
#define FONTSTAT_MAX 127
#define _INIT_BUFFER_WIDTH (COLS - (showLineNum ? 6 : 1))
#define INIT_BUFFER_WIDTH ((_INIT_BUFFER_WIDTH > 0) ? _INIT_BUFFER_WIDTH : 0)
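Review bot: `FONTSTAT_MAX` is a bare 127 with nothing tying it to the storage type of the counters it bounds, and it sits directly under the similarly named `FONTSTAT_SIZE`, which means something different. The value looks chosen to fit a signed char (file.c copies `FONTSTAT_SIZE` bytes of fontstat with bcopy, which suggests one byte per counter), but the declaration is not on this page, so that is an inference. If the element type is ever widened or made unsigned, the cap will silently stop matching it. A one-line comment would make the coupling explicit, e.g. `/* largest value a fontstat[] counter may hold; must fit the element type */`.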