File tidy-fix-buffer-overflow.patch of Package tidy
Index: tidy-20100204cvs/src/lexer.c
===================================================================
--- tidy-20100204cvs.orig/src/lexer.c
+++ tidy-20100204cvs/src/lexer.c
@@ -3467,16 +3467,18 @@ static tmbstr ParseValue( TidyDocImpl* d
/* and prompts attributes unless --literal-attributes is set to yes */
/* #994841 - Whitespace is removed from value attributes */
- if (munge &&
+ /* see https://github.com/htacg/tidy-html5/issues/217 --
+ * Also only if/while (len > 0) - MUST NEVER GO NEGATIVE! */
+ if ((len > 0) && munge &&
TY_(tmbstrcasecmp)(name, "alt") &&
TY_(tmbstrcasecmp)(name, "title") &&
TY_(tmbstrcasecmp)(name, "value") &&
TY_(tmbstrcasecmp)(name, "prompt"))
{
- while (TY_(IsWhite)(lexer->lexbuf[start+len-1]))
+ while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0))
--len;
- while (TY_(IsWhite)(lexer->lexbuf[start]) && start < len)
+ while (TY_(IsWhite)(lexer->lexbuf[start]) && (start < len) && (len > 0))
{
++start;
--len;
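Review bot: In the trailing-whitespace loop the new `(len > 0)` test comes after the array read, so `lexer->lexbuf[start+len-1]` is still evaluated once with `len == 0` when the value is entirely whitespace, which reads the byte at `start-1`. Put the bound first so short-circuit evaluation skips the access: `while ((len > 0) && TY_(IsWhite)(lexer->lexbuf[start+len-1]))`. The leading-whitespace loop has the same ordering and should likewise test `len` before touching `lexbuf[start]`. That loop also keeps the pre-existing `start < len`, which compares a buffer offset with a remaining length; if that is not intentional, it can stop the trim early for values that sit far into the buffer, so it is worth confirming against the rest of ParseValue, which continues outside this hunk.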