From 69bcdd242aa2f60c727a477139f38036eab50e47 Mon Sep 17 00:00:00 2001
From: hiro <hiro@ee746299-78ed-0310-b773-934348b2243d>
Date: Wed, 27 Nov 2013 07:43:38 +0000
Subject: libsylph/html.c: html_unescape_str(): strictly check for utf8 length.

git-svn-id: svn://sylpheed.sraoss.jp/sylpheed/trunk@3302 ee746299-78ed-0310-b773-934348b2243d
---
 ChangeLog       | 4 ++++
 libsylph/html.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 66d5ecfa..b4f297da 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2013-11-27
+
+	* libsylph/html.c: html_unescape_str(): strictly check for utf8 length.
+
 2013-11-27
 
 	* src/jpilot.c: jpilot_read_db_files(): fixed uninitialized variable
diff --git a/libsylph/html.c b/libsylph/html.c
index 9241793c..a86c07b0 100644
--- a/libsylph/html.c
+++ b/libsylph/html.c
@@ -770,7 +770,7 @@ static gchar *html_unescape_str(HTMLParser *parser, const gchar *str)
 					gint len;
 
 					len = g_unichar_to_utf8((gunichar)ch, buf);
-					if (len > 0 && len <= n + 1) {
+					if (len > 0 && len <= 6 && len <= n + 1) {
 						memcpy(up, buf, len);
 						up += len;
 					} else {
-- 
cgit v1.2.3