summaryrefslogtreecommitdiffabout
authorEric Wong <normalperson@yhbt.net>2009-03-15 01:41:47 (UTC)
committer Lars Hjemli <hjemli@gmail.com>2009-03-15 07:46:15 (UTC)
commit112973615a78ce61fd6e767128df03b075be72ca (patch) (unidiff)
treecf4b3eb63f42d77ac77f74d951f583e1503886aa
parent6063e7b5532481ffaa7a6f080de28547983bbeb7 (diff)
downloadcgit-112973615a78ce61fd6e767128df03b075be72ca.zip
cgit-112973615a78ce61fd6e767128df03b075be72ca.tar.gz
cgit-112973615a78ce61fd6e767128df03b075be72ca.tar.bz2
fix segfault when displaying empty blobs
When size is zero, subtracting one from it turns it into ULONG_MAX which causes an out-of-bounds access on buf. Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--ui-tree.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/ui-tree.c b/ui-tree.c
index c6159ec..553dbaa 100644
--- a/ui-tree.c
+++ b/ui-tree.c
@@ -25,11 +25,14 @@ static void print_text_buffer(char *buf, unsigned long size)
25 html("<tr><td class='linenumbers'><pre>"); 25 html("<tr><td class='linenumbers'><pre>");
26 idx = 0; 26 idx = 0;
27 lineno = 0; 27 lineno = 0;
28 htmlf(numberfmt, ++lineno); 28
29 while(idx < size - 1) { // skip absolute last newline 29 if (size) {
30 if (buf[idx] == '\n') 30 htmlf(numberfmt, ++lineno);
31 htmlf(numberfmt, ++lineno); 31 while(idx < size - 1) { // skip absolute last newline
32 idx++; 32 if (buf[idx] == '\n')
33 htmlf(numberfmt, ++lineno);
34 idx++;
35 }
33 } 36 }
34 html("</pre></td>\n"); 37 html("</pre></td>\n");
35 html("<td class='lines'><pre><code>"); 38 html("<td class='lines'><pre><code>");