fix segfault when displaying empty blobs

When size is zero, subtracting one from it turns it into ULONG_MAX which causes an out-of-bounds access on buf. Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
16 years ago · 112973615a
parent 6063e7b553
commit 112973615a
1 changed files with 8 additions and 5 deletions
--- a/ui-tree.c
+++ b/ui-tree.c
@ -25,11 +25,14 @@ static void print_text_buffer(char *buf, unsigned long size)
 	html("<tr><td class='linenumbers'><pre>");
 	idx = 0;
 	lineno = 0;
-	htmlf(numberfmt, ++lineno);
-	while(idx < size - 1) { // skip absolute last newline
-		if (buf[idx] == '\n')
-			htmlf(numberfmt, ++lineno);
-		idx++;
+
+	if (size) {
+		htmlf(numberfmt, ++lineno);
+		while(idx < size - 1) { // skip absolute last newline
+			if (buf[idx] == '\n')
+				htmlf(numberfmt, ++lineno);
+			idx++;
+		}
 	}
 	html("</pre></td>\n");
 	html("<td class='lines'><pre><code>");