File lynx-CVE-2017-1000211.patch of Package lynx.6058
--- a/src/HTML.c
+++ b/src/HTML.c
@@ -505,6 +505,8 @@ void HTML_put_character(HTStructured * me, int c)
*/
void HTML_put_string(HTStructured * me, const char *s)
{
+ HTChunk *target = NULL;
+
#ifdef USE_PRETTYSRC
char *translated_string = NULL;
#endif
@@ -525,15 +527,15 @@ void HTML_put_string(HTStructured * me, const char *s)
break; /* Do Nothing */
case HTML_TITLE:
- HTChunkPuts(&me->title, s);
+ target = &me->title;
break;
case HTML_STYLE:
- HTChunkPuts(&me->style_block, s);
+ target = &me->style_block;
break;
case HTML_SCRIPT:
- HTChunkPuts(&me->script, s);
+ target = &me->script;
break;
case HTML_PRE: /* Formatted text */
@@ -547,20 +549,20 @@ void HTML_put_string(HTStructured * me, const char *s)
break;
case HTML_OBJECT:
- HTChunkPuts(&me->object, s);
+ target = &me->object;
break;
case HTML_TEXTAREA:
- HTChunkPuts(&me->textarea, s);
+ target = &me->textarea;
break;
case HTML_SELECT:
case HTML_OPTION:
- HTChunkPuts(&me->option, s);
+ target = &me->option;
break;
case HTML_MATH:
- HTChunkPuts(&me->math, s);
+ target = &me->math;
break;
default: /* Free format text? */
@@ -651,6 +653,15 @@ void HTML_put_string(HTStructured * me, const char *s)
} /* for */
}
} /* end switch */
+
+ if (target != NULL) {
+ if (target->data == s) {
+ CTRACE((tfp, "BUG: appending chunk to itself: `%.*s'\n",
+ target->size, target->data));
+ } else {
+ HTChunkPuts(target, s);
+ }
+ }
#ifdef USE_PRETTYSRC
if (psrc_convert_string) {
psrc_convert_string = FALSE;
