From 112973615a78ce61fd6e767128df03b075be72ca Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Sat, 14 Mar 2009 18:41:47 -0700 Subject: fix segfault when displaying empty blobs When size is zero, subtracting one from it turns it into ULONG_MAX which causes an out-of-bounds access on buf. Signed-off-by: Eric Wong Signed-off-by: Lars Hjemli diff --git a/ui-tree.c b/ui-tree.c index c6159ec..553dbaa 100644 --- a/ui-tree.c +++ b/ui-tree.c @@ -25,11 +25,14 @@ static void print_text_buffer(char *buf, unsigned long size) html("
");
 	idx = 0;
 	lineno = 0;
-	htmlf(numberfmt, ++lineno);
-	while(idx < size - 1) { // skip absolute last newline
-		if (buf[idx] == '\n')
-			htmlf(numberfmt, ++lineno);
-		idx++;
+
+	if (size) {
+		htmlf(numberfmt, ++lineno);
+		while(idx < size - 1) { // skip absolute last newline
+			if (buf[idx] == '\n')
+				htmlf(numberfmt, ++lineno);
+			idx++;
+		}
 	}
 	html("
\n"); html("
");
-- 
cgit v0.10.1