components/web/w3m/patches/912_i-dd.patch

   1 Subject: Fix uninitialised values for <i> and <dd>
   2 Author: Tatsuya Kinoshita <tats@debian.org>
   3 Bug-Debian: https://github.com/tats/w3m/issues/16 [CVE-2016-9435] [CVE-2016-9436]
   4 Origin: https://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
   5
   6 diff --git a/file.c b/file.c
   7 index 68d625c..ac5247f 100644
   8 --- a/file.c
   9 +++ b/file.c
  10 @@ -4669,6 +4669,12 @@ HTMLtagproc1(struct parsed_tag *tag, struct html_feed_environ *h_env)
  11      case HTML_DD:
  12         CLOSE_A;
  13         CLOSE_DT;
  14 +       if (h_env->envc == 0 ||
  15 +           (h_env->envc_real < h_env->nenv &&
  16 +            envs[h_env->envc].env != HTML_DL &&
  17 +            envs[h_env->envc].env != HTML_DL_COMPACT)) {
  18 +           PUSH_ENV(HTML_DL);
  19 +       }
  20         if (envs[h_env->envc].env == HTML_DL_COMPACT) {
  21             if (obuf->pos > envs[h_env->envc].indent)
  22                 flushline(h_env, obuf, envs[h_env->envc].indent, 0,
  23 diff --git a/parsetagx.c b/parsetagx.c
  24 index 6b627d2..e8486ba 100644
  25 --- a/parsetagx.c
  26 +++ b/parsetagx.c
  27 @@ -120,6 +120,7 @@ parse_tag(char **s, int internal)
  28      int i, attr_id = 0, nattr;
  29
  30      /* Parse tag name */
  31 +    tagname[0] = '\0';
  32      q = (*s) + 1;
  33      p = tagname;
  34      if (*q == '/') {