summaryrefslogtreecommitdiffabout
authorEric Wong <normalperson@yhbt.net>2009-03-15 01:41:47 (UTC)
committer Lars Hjemli <hjemli@gmail.com>2009-03-15 07:46:15 (UTC)
commit112973615a78ce61fd6e767128df03b075be72ca (patch) (side-by-side diff)
treecf4b3eb63f42d77ac77f74d951f583e1503886aa
parent6063e7b5532481ffaa7a6f080de28547983bbeb7 (diff)
downloadcgit-112973615a78ce61fd6e767128df03b075be72ca.zip
cgit-112973615a78ce61fd6e767128df03b075be72ca.tar.gz
cgit-112973615a78ce61fd6e767128df03b075be72ca.tar.bz2
fix segfault when displaying empty blobs
When size is zero, subtracting one from it turns it into ULONG_MAX which causes an out-of-bounds access on buf. Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--ui-tree.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/ui-tree.c b/ui-tree.c
index c6159ec..553dbaa 100644
--- a/ui-tree.c
+++ b/ui-tree.c
@@ -16,29 +16,32 @@ char *match_path;
int header = 0;
static void print_text_buffer(char *buf, unsigned long size)
{
unsigned long lineno, idx;
const char *numberfmt =
"<a class='no' id='n%1$d' name='n%1$d' href='#n%1$d'>%1$d</a>\n";
html("<table summary='blob content' class='blob'>\n");
html("<tr><td class='linenumbers'><pre>");
idx = 0;
lineno = 0;
- htmlf(numberfmt, ++lineno);
- while(idx < size - 1) { // skip absolute last newline
- if (buf[idx] == '\n')
- htmlf(numberfmt, ++lineno);
- idx++;
+
+ if (size) {
+ htmlf(numberfmt, ++lineno);
+ while(idx < size - 1) { // skip absolute last newline
+ if (buf[idx] == '\n')
+ htmlf(numberfmt, ++lineno);
+ idx++;
+ }
}
html("</pre></td>\n");
html("<td class='lines'><pre><code>");
html_txt(buf);
html("</code></pre></td></tr></table>\n");
}
#define ROWLEN 32
static void print_binary_buffer(char *buf, unsigned long size)
{
unsigned long ofs, idx;