]> git.ipfire.org Git - thirdparty/tor.git/commitdiff
projects / thirdparty / tor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dd92579)
Prop140: Fix a crash bug.
authorNick Mathewson <nickm@torproject.org>
Tue, 7 Mar 2017 21:06:03 +0000 (16:06 -0500)
committerNick Mathewson <nickm@torproject.org>
Thu, 16 Mar 2017 18:42:56 +0000 (14:42 -0400)
Found while fuzzing: this could occur if we tried to copy a
nonexistent "line 0" while applying a diff.

src/or/consdiff.c patch | blob | blame | history

diff --git a/src/or/consdiff.c b/src/or/consdiff.c
index 16933deb89a7a73bdde639034ec0854af52d9046..c33bad1940ba162c079e856a9b16806019dfaa65 100644 (file)
--- a/src/or/consdiff.c
+++ b/src/or/consdiff.c
@@ -742,7 +742,7 @@ apply_ed_diff(const smartlist_t *cons1, const smartlist_t *diff,
     }
 
     /* Add unchanged lines. */
-    for (; j > end; --j) {
+    for (; j && j > end; --j) {
       const char *cons_line = smartlist_get(cons1, j-1);
       smartlist_add(cons2, tor_strdup(cons_line));
     }
Mirror of https://git.torproject.org/tor.git