On Tue, Jan 06, 2015 at 06:10:25AM +0000, Scarlett wrote: > This archive contains patches for several problems I have found > while hacking on www/w3m, as well as several bug fixes taken from > elsewhere. > > -- > > Ported patches > > * Use "%s" to printf a string, from Colin Watson at Ubuntu > http://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?h=bug/646321 > > * Fix a null pointer deref when parsing "<input type>" in HTML, from olh > at suse dot de > https://build.opensuse.org/package/view_file/openSUSE:Factory/w3m/w3m-closedir.patch?expand=1 > > * Fix a directory descriptor leak, from max at suse dot de > https://build.opensuse.org/package/view_file/openSUSE:Factory/w3m/w3m-parsetagx-crash.patch?expand=1 > > * exit(1) when out of memory, since malloc's return value is never checked > anywhere in the program. inspired by an old patch by dugsong@ which got > sent to the cvs attic when w3m was updated in the distant past > http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/w3m/patches/Attic/patch-ac > > -- > > My patches > > * Various printf format string fixes: > > * Instead of printing a "Str" structure with %s, print the > char pointer inside it with %s. > * Use %ld to print long, not %d > * Use %zu to print size_t, not %d > * Use %lld to print time_t, not %ld > > * Change hand-rolled and suspicious sprintf implementation in Str.c to > use asprintf() from libc. > > * Move "New()" gc alloc macros to a header file and add overflow checks to > the "allocate an array" macros. > > -- > > w3m's code is disgusting, and upstream is mostly dead with occasional > patches ported from debian. However, it is one of the more usable web > browsers (and the only curses browser with inline images, iirc). > Fixing its problems is good for its users. > > Scarlett
Whoops, I got the two OpenSUSE links mixed up. The first link is the patch for the directory leak, the second is the patch for the null pointer deref.
