File tidy-fix-buffer-overflow.patch of Package tidy

Index: tidy-20100204cvs/src/lexer.c
===================================================================
--- tidy-20100204cvs.orig/src/lexer.c
+++ tidy-20100204cvs/src/lexer.c
@@ -3467,16 +3467,18 @@ static tmbstr ParseValue( TidyDocImpl* d
         /* and prompts attributes unless --literal-attributes is set to yes      */
         /* #994841 - Whitespace is removed from value attributes                 */
 
-        if (munge &&
+        /* see https://github.com/htacg/tidy-html5/issues/217 --
+         * Also only if/while (len > 0) - MUST NEVER GO NEGATIVE! */
+        if ((len > 0) && munge &&
             TY_(tmbstrcasecmp)(name, "alt") &&
             TY_(tmbstrcasecmp)(name, "title") &&
             TY_(tmbstrcasecmp)(name, "value") &&
             TY_(tmbstrcasecmp)(name, "prompt"))
         {
-            while (TY_(IsWhite)(lexer->lexbuf[start+len-1]))
+            while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0))
                 --len;
 
-            while (TY_(IsWhite)(lexer->lexbuf[start]) && start < len)
+            while (TY_(IsWhite)(lexer->lexbuf[start]) && (start < len) && (len > 0))
             {
                 ++start;
                 --len;
openSUSE Build Service is sponsored by