Prevent overflow beyond the end of string in proc_mchar()
Bug-Debian: https://github.com/tats/w3m/issues/80 cf. https://github.com/tats/w3m/issues/59
This commit is contained in:
Tatsuya Kinoshita
@@ -2603,19 +2603,20 @@ static void
|
||||
proc_mchar(struct readbuffer *obuf, int pre_mode,
|
||||
int width, char **str, Lineprop mode)
|
||||
{
|
||||
size_t len;
|
||||
int len, slen;
|
||||
|
||||
check_breakpoint(obuf, pre_mode, *str);
|
||||
obuf->pos += width;
|
||||
Strcat_charp_n(obuf->line, *str, get_mclen(*str));
|
||||
len = get_mclen(*str);
|
||||
slen = (int)strlen(*str);
|
||||
if (len > slen && slen > 0)
|
||||
len = slen;
|
||||
Strcat_charp_n(obuf->line, *str, len);
|
||||
if (width > 0) {
|
||||
set_prevchar(obuf->prevchar, *str, 1);
|
||||
if (**str != ' ')
|
||||
obuf->prev_ctype = mode;
|
||||
}
|
||||
len = get_mclen(*str);
|
||||
if (len > strlen(*str))
|
||||
len = strlen(*str);
|
||||
(*str) += len;
|
||||
obuf->flag |= RB_NFLUSHED;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user