Null pointer dereference
```
$ echo -e '<table>000000000000<b<>\x00<listing><input_alt>0' | w3m -T text/html -dump

Program received signal SIGSEGV, Segmentation fault.
flushline (h_env=0x7fffffffc2f0, obuf=0x7fffffffc480, indent=0, force=0, width=12) at file.c:3025
3025            tmp = Sprintf("<INPUT_ALT hseq=\"%d\" fid=\"%d\" name=\"%s\" type=\"%s\" value=\"%s\">",
(gdb) l
3020        }
3021        if (!hidden_input && obuf->input_alt.in) {
3022            Str tmp;
3023            if (obuf->input_alt.hseq > 0)
3024                obuf->input_alt.hseq = - obuf->input_alt.hseq;
3025            tmp = Sprintf("<INPUT_ALT hseq=\"%d\" fid=\"%d\" name=\"%s\" type=\"%s\" value=\"%s\">",
3026                          obuf->input_alt.hseq,
3027                          obuf->input_alt.fid,
3028                          obuf->input_alt.name->ptr,
3029                          obuf->input_alt.type->ptr,
(gdb) p obuf->input_alt
$1 = {
  hseq = 0,
  fid = -1,
  in = 1,
  type = 0x0,
  name = 0x0,
  value = 0x0
}
(gdb) bt
#0  flushline (h_env=0x7fffffffc2f0, obuf=0x7fffffffc480, indent=0, force=0, width=12) at file.c:3025
#1  0x000000000042bf99 in HTMLlineproc0 (line=0x7c3a72 "", h_env=0x7fffffffc2f0, internal=1) at file.c:6591
#2  0x00000000004423d3 in do_refill (tbl=0x7bf000, row=0, col=0, maxlimit=79) at table.c:798
#3  0x000000000044627f in renderTable (t=0x7bf000, max_width=79, h_env=0x7fffffffcb00) at table.c:1800
#4  0x000000000042b617 in HTMLlineproc0 (line=0x494fe1 "", h_env=0x7fffffffcb00, internal=1) at file.c:6426
#5  0x000000000042d1a8 in completeHTMLstream (h_env=0x7fffffffcb00, obuf=0x7fffffffcc90) at file.c:6995
#6  0x000000000042dbb3 in loadHTMLstream (f=0x7fffffffd120, newBuf=0x7cee00, src=0x0, internal=0) at file.c:7227
#7  0x000000000042c597 in loadHTMLBuffer (f=0x7fffffffd120, newBuf=0x7cee00) at file.c:6755
#8  0x0000000000416a40 in loadSomething (f=0x7fffffffd120, loadproc=0x42c4b2 <loadHTMLBuffer>, defaultbuf=0x7cee00) at file.c:224
#9  0x000000000041c7e6 in loadGeneralFile (path=0x7bdf00 "triage.debug/min/75", current=0x0, referer=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>, flag=0, request=0x0) at file.c:2241
#10 0x00000000004070d1 in main (argc=5, argv=0x7fffffffd448, envp=0x7fffffffd478) at main.c:1020
```
This was found by afl-fuzz.
Prevent segfault with malformed input_alt
010b685
Bug-Debian: #18
Fixed, thank you.
49ddfa7
Bug-Debian: #18 [CVE-2016-9438]
Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=010b68580dc50ce183df11cc79721936ab5c4f25
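An added example, not code from w3m or from the patch in 010b685: a minimal model of the guard this crash calls for, formatting the `<INPUT_ALT>` tag without dereferencing `name`, `type` or `value` when they are NULL while `in` is set. The `Str` and `input_alt_attr` definitions are simplified assumptions based on the gdb dump, and `str_or_empty`, `format_input_alt` and `render_crash_state` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumed shapes) for w3m's Str and input_alt state;
 * field names follow the gdb dump above. */
typedef struct strbuf { const char *ptr; } *Str;

struct input_alt_attr {
    int hseq, fid, in;
    Str type, name, value;
};

/* Never dereference a Str that the parser left unset. */
static const char *str_or_empty(Str s)
{
    return (s && s->ptr) ? s->ptr : "";
}

/* Guarded version of the formatting at file.c:3025. Returns the snprintf
 * length, or -1 when no input_alt is open. */
int format_input_alt(char *out, size_t n, struct input_alt_attr *ia)
{
    if (!ia || !ia->in)
        return -1;
    if (ia->hseq > 0)
        ia->hseq = -ia->hseq;   /* same sign flip as the listed code */
    return snprintf(out, n,
        "<INPUT_ALT hseq=\"%d\" fid=\"%d\" name=\"%s\" type=\"%s\" value=\"%s\">",
        ia->hseq, ia->fid, str_or_empty(ia->name),
        str_or_empty(ia->type), str_or_empty(ia->value));
}

/* Constructed input: the state gdb printed (in = 1, every Str NULL). */
const char *render_crash_state(void)
{
    static char buf[128];
    struct input_alt_attr ia = { 0, -1, 1, NULL, NULL, NULL };
    return format_input_alt(buf, sizeof buf, &ia) < 0 ? NULL : buf;
}

int main(void)
{
    puts(render_crash_state());
    return 0;
}
```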