Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

null pointer defer in HTMLlineproc0() #42

Closed
kcwu opened this issue Nov 17, 2016 · 1 comment
Closed

null pointer defer in HTMLlineproc0() #42

kcwu opened this issue Nov 17, 2016 · 1 comment

Comments

@kcwu
Copy link
Contributor

kcwu commented Nov 17, 2016
edited
Loading

input

00000000: 3c6d 6574 6120 6368 6172 7365 743d 6762  <meta charset=gb
00000010: 3138 3033 303e 0a3c 696e 7075 740b 7661  18030>.<input.va
00000020: 6c75 653d 803c 7461 626c 653e            lue=.<table>

gdb --args w3m -T text/html -dump file

Program received signal SIGSEGV, Segmentation fault.
0x000000000042b440 in HTMLlineproc0 (line=0x7beef5 "\n", h_env=0x7fffffffc3d0, internal=0) at file.c:6333
6333            int pre_mode = (obuf->table_level >= 0) ? tbl_mode->pre_mode :
(gdb) p obuf->table_level
$1 = 0
(gdb) p tbl_mode
$2 = (struct table_mode *) 0x0

This is found by afl-fuzz.
tats added a commit that referenced this issue Nov 17, 2016
@tats
Prevent deref null pointer in HTMLlineproc0()
ecfdcbe 
Bug-Debian: #42
@tats
Copy link
Owner

tats commented Nov 17, 2016

Fixed, thank you.

@tats tats closed this as completed Nov 17, 2016
tats added a commit that referenced this issue Dec 18, 2016
@tats
Prevent deref null pointer in HTMLlineproc0()
a8cba1b 
Bug-Debian: #42
Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=ecfdcbe1131591502c5e7f9ff4f34b24c5a2db97
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kcwu @tats