From 08a147c672caca6bed6521ded5729ee4487e6a35 Mon Sep 17 00:00:00 2001 From: Gijs van Tulder Date: Sun, 1 Apr 2012 23:29:16 +0200 Subject: [PATCH] Fix a segfault on an incomplete STYLE tag. --- NEWS | 1 + src/ChangeLog | 4 ++++ src/html-url.c | 7 ++++--- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 311a2f1a..e0f81a99 100644 --- a/NEWS +++ b/NEWS @@ -34,6 +34,7 @@ Please send GNU Wget bug reports to . ** Return a network failure when FTP downloads fail and --timestamping is specified. +** Fix a segfault on an incomplete STYLE tag. * Changes in Wget 1.13.3 diff --git a/src/ChangeLog b/src/ChangeLog index 2152cce3..6e6d354f 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2012-04-01 Gijs van Tulder + + * html-url.c: Prevent crash on incomplete STYLE tag. + 2012-04-01 Giuseppe Scrivano * gnutls.c (wgnutls_read_timeout): Ensure timer is freed. diff --git a/src/html-url.c b/src/html-url.c index f5ab2932..855393a7 100644 --- a/src/html-url.c +++ b/src/html-url.c @@ -1,6 +1,6 @@ /* Collect URLs from HTML source. Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. + 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. This file is part of GNU Wget. @@ -675,8 +675,9 @@ collect_tags_mapper (struct taginfo *tag, void *arg) check_style_attr (tag, ctx); - if (tag->end_tag_p && (0 == strcasecmp (tag->name, "style")) && - tag->contents_begin && tag->contents_end) + if (tag->end_tag_p && (0 == strcasecmp (tag->name, "style")) + && tag->contents_begin && tag->contents_end + && tag->contents_begin <= tag->contents_end) { /* parse contents */ get_urls_css (ctx, tag->contents_begin - ctx->text,