Join 36 million developers who use GitHub
issues to help identify, assign, and keep track of the features and
bug fixes your projects need.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
$ echo '<button type=radio>' | ./w3m -T text/html -dump
Program received signal SIGSEGV, Segmentation fault.
0x000000000044f19b in formUpdateBuffer (a=0x7d9000, buf=0x7cee00, form=0x7d8f80) at form.c:444
444 buf->currentLine->lineBuf[spos] = ' ';
(gdb) p buf->currentLine->lineBuf
$1 = 0x495252 ""
(gdb) p spos
$2 = 0
(gdb) info files
....skip some lines...
0x0000000000490b40 - 0x00000000004a0612 is .rodata
Writing to rodata section and crash.
This is found by afl-fuzz
Prevent segfault with incorrect button type
Fixed, thank you.
Bug-Debian: #17 [CVE-2016-9437]