Commit 31e80290 by Carlos Martín Nieto

mwindow: make sure the whole range is contained inside the same window

Looking through the open windows to check whether we can re-use an
open window should take into account whether both `offset` and `offset
+ extra` are contained within the same window. Failure to do so can
lead to invalid memory accesses. This closes #614.

While we're in the area remove an outdated assert.
parent bbb37236
...@@ -211,13 +211,15 @@ unsigned char *git_mwindow_open( ...@@ -211,13 +211,15 @@ unsigned char *git_mwindow_open(
git_mwindow_ctl *ctl = &GIT_GLOBAL->mem_ctl; git_mwindow_ctl *ctl = &GIT_GLOBAL->mem_ctl;
git_mwindow *w = *cursor; git_mwindow *w = *cursor;
if (!w || !git_mwindow_contains(w, offset + extra)) { if (!w || !(git_mwindow_contains(w, offset) &&
git_mwindow_contains(w, offset + extra))) {
if (w) { if (w) {
w->inuse_cnt--; w->inuse_cnt--;
} }
for (w = mwf->windows; w; w = w->next) { for (w = mwf->windows; w; w = w->next) {
if (git_mwindow_contains(w, offset + extra)) if (git_mwindow_contains(w, offset) &&
git_mwindow_contains(w, offset + extra))
break; break;
} }
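Review bot: The two-endpoint test, `git_mwindow_contains(w, offset) && git_mwindow_contains(w, offset + extra)`, now appears twice: once in the cursor check and once in the loop over `mwf->windows`. The two copies have to stay identical for window reuse to be sound, so consider factoring them into one small range-containment helper taking `w`, `offset` and `extra`, and calling it from both places. Separately, `offset + extra` is computed with no overflow guard visible in this hunk, and the types are not shown here. If the sum can wrap, the second check would test the wrong position, so either confirm that callers bound `extra` or make the helper reject a wrapped sum.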
...@@ -242,7 +244,6 @@ unsigned char *git_mwindow_open( ...@@ -242,7 +244,6 @@ unsigned char *git_mwindow_open(
} }
offset -= w->offset; offset -= w->offset;
assert(git__is_sizet(offset));
if (left) if (left)
*left = (unsigned int)(w->window_map.len - offset); *left = (unsigned int)(w->window_map.len - offset);
......
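Review bot: Removing `assert(git__is_sizet(offset))` leaves the next statement, `*left = (unsigned int)(w->window_map.len - offset);`, with no guard visible in this hunk. Both the subtraction and the cast to `unsigned int` depend on `offset`, after `offset -= w->offset`, being no larger than `w->window_map.len`. The commit message calls the assert outdated without giving the reason; please state it there. If the invariant is meant to follow from the containment checks added earlier in this function, a short comment at this point, or an assert on `offset <= w->window_map.len`, would record that.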