Prevent overflow beyond the end of string in wtf_len()

cf. https://github.com/tats/w3m/issues/57
2016-12-10 22:54:00 +09:00
parent 1978455e2e
commit 7fbaf9444f
1 changed files with 2 additions and 1 deletions
--- a/libwc/wtf.c
+++ b/libwc/wtf.c
@@ -141,9 +141,10 @@ size_t
 wtf_len(wc_uchar *p)
 {
    wc_uchar *q = p;
+    wc_uchar *strz = p + strlen(p);

    q += WTF_LEN_MAP[*q];
-    while (*q && ! WTF_WIDTH_MAP[*q])
+    while (q < strz && ! WTF_WIDTH_MAP[*q])
 	q += WTF_LEN_MAP[*q];
    return q - p;
 }