1 #! /bin/sh /usr/share/dpatch/dpatch-run
2 ## mem-corruption-fix.dpatch by Jonas Fonseca <fonseca@diku.dk>
3 ##
4 ## DP: Fix memory corruption bug in tree_read when sorting the entries
5 ## DP:
6 ## DP: Triggered by defining ITEM_CHUNK_SIZE to 1.
8 diff git a/tig.c b/tig.c
9 --- a/tig.c
10 +++ b/tig.c
11 @@ -3614,7 +3614,7 @@ static bool
12 {
13 size_t textlen = text ? strlen(text) : 0;
14 char buf[SIZEOF_STR];
15 - unsigned long pos;
16 + size_t pos;
17 enum line_type type;
18 bool first_read = view->lines == 0;
20 @@ -3645,8 +3645,12 @@ tree_read(struct view *view, char *text)
21 return FALSE;
22 }
24 + if (!add_line_text(view, text, type))
25 + return FALSE;
26 + text = view->line[view->lines - 1].data;
27 +
28 /* Skip "Directory ..." and ".." line. */
29 - for (pos = 1 + !!*opt_path; pos < view->lines; pos++) {
30 + for (pos = 1 + !!*opt_path; pos < view->lines - 1; pos++) {
31 struct line *line = &view->line[pos];
32 const char *path1 = tree_path(line);
33 char *path2 = text + SIZEOF_TREE_ATTR;
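Review bot: The new `add_line_text()` call ahead of the sort loop is what makes room for the later `memmove`, but nothing in the code says so, and a future reorder could bring back the memory corruption the patch header describes. I would add a comment above it, for example `/* Append first so the line array already has a slot for the shift below; text then points at the stored copy. */`. The reassignment `text = view->line[view->lines - 1].data;` assumes `add_line_text()` stores its own copy of the string in the new entry's `data`, which this diff does not show and is worth confirming. The loop body continues in the next hunk.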
34 @@ -3655,24 +3659,16 @@ tree_read(struct view *view, char *text)
35 if (cmp <= 0)
36 continue;
38 - text = strdup(text);
39 - if (!text)
40 - return FALSE;
41 -
42 - if (view->lines > pos)
43 + if (view->lines - 1 > pos)
44 memmove(&view->line[pos + 1], &view->line[pos],
45 - (view->lines - pos) * sizeof(*line));
46 + (view->lines - 1 - pos) * sizeof(*line));
48 line = &view->line[pos];
49 line->data = text;
50 line->type = type;
51 - view->lines++;
52 return TRUE;
53 }
55 - if (!add_line_text(view, text, type))
56 - return FALSE;
57 -
58 if (tree_lineno > view->lineno) {
59 view->lineno = tree_lineno;
60 tree_lineno = 0;
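Review bot: After the `memmove`, `view->line[pos]` is still a full copy of the entry that was shifted up, and only `data` and `type` are overwritten. If `struct line` has other members (its definition is not in this diff), the inserted entry inherits them from its neighbour, and whatever `add_line_text()` set on the appended slot is lost. Saving the appended entry and restoring it whole avoids this: `struct line new_line = view->line[view->lines - 1];` before the shift, then `view->line[pos] = new_line;` in place of the two field assignments. Separately, the guard `if (view->lines - 1 > pos)` is now always true inside the loop, because the loop condition is `pos < view->lines - 1`, so it could be dropped.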