wl pushed a commit to branch master
in repository groff.
commit 09040dbf908c2563e0d918a1dca7bb564226a0f8
Author: Bálint Réczey <[email protected]>
Date: Tue Feb 16 00:16:28 2016 +0100
[pre-grohtml] Fix out-of-bounds array access (#47161).
* src/preproc/html/pre-html.cpp (char_buffer::write_upto_newline):
Implement it.
---
ChangeLog | 7 +++++++
src/preproc/html/pre-html.cpp | 2 +-
2 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b3cdf1d..b264974 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2016-02-15 Bálint Réczey <[email protected]>
+ [pre-grohtml] Fix out-of-bounds array access (#47161).
+
+ * src/preproc/html/pre-html.cpp (char_buffer::write_upto_newline):
+ Implement it.
+
+2016-02-15 Bálint Réczey <[email protected]>
+
Don't use `memcpy' with NULL input or output argument (#47160).
* src/libs/libgroff/string.cpp (string::string, string::operator=):
diff --git a/src/preproc/html/pre-html.cpp b/src/preproc/html/pre-html.cpp
index 978721a..8698149 100644
--- a/src/preproc/html/pre-html.cpp
+++ b/src/preproc/html/pre-html.cpp
@@ -661,7 +661,7 @@ void char_buffer::write_upto_newline(char_block **t, int
*i, int is_html)
&& (*t)->buffer[j] == '\n')
j++;
writeNbytes((*t)->buffer + (*i), j - (*i));
- if ((*t)->buffer[j] == INLINE_LEADER_CHAR) {
+ if (j < char_block::SIZE && (*t)->buffer[j] == INLINE_LEADER_CHAR) {
if (can_see(t, &j, HTML_IMAGE_INLINE_BEGIN))
write_start_image(INLINE, is_html);
else if (can_see(t, &j, HTML_IMAGE_INLINE_END))
_______________________________________________
Groff-commit mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/groff-commit
