storm/w3m
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent overflow beyond the end of string in wtf_len()

Browse Source 
cf. https://github.com/tats/w3m/issues/57
This commit is contained in:
Tatsuya Kinoshita
2016-12-10 22:54:00 +09:00
parent 1978455e2e
commit 7fbaf9444f
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libwc/wtf.c
View File

@@ -141,9 +141,10 @@ size_t
wtf_len(wc_uchar *p) wtf_len(wc_uchar *p)
{ {
wc_uchar *q = p; wc_uchar *q = p;
wc_uchar *strz = p + strlen(p);
q += WTF_LEN_MAP[*q]; q += WTF_LEN_MAP[*q];
while (*q && ! WTF_WIDTH_MAP[*q]) while (q < strz && ! WTF_WIDTH_MAP[*q])
q += WTF_LEN_MAP[*q]; q += WTF_LEN_MAP[*q];
return q - p; return q - p;
} }