From 2039d8f832c8cf2604d6c569a320d0148eae14e0 Mon Sep 17 00:00:00 2001 From: NeilBrown Date: Fri, 27 Dec 2019 15:58:27 +1100 Subject: [PATCH] merge2: guard against over-flowing elcnt It should be impossible to overflow elcnt in these cases, but I have seen it happen. There must be bug somewhere else, but for now, just prevent the crash. Signed-off-by: NeilBrown --- merge2.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/merge2.c b/merge2.c index 9682a90..49f43f6 100644 --- a/merge2.c +++ b/merge2.c @@ -224,7 +224,10 @@ int isolate_conflicts(struct file af, struct file bf, struct file cf, * might be after the last newline, if there * is one, or might be at the start */ - for (k = m[j].al; k > 0; k--) + for (k = m[j].al; k > 0; k--) { + if (m[j].a + k >= af.elcnt) + /* FIXME impossible!*/ + break; if (ends_line(af.list[m[j].a+k-1])) { if (firstk > m[j].al) firstk = k; @@ -234,6 +237,7 @@ int isolate_conflicts(struct file af, struct file bf, struct file cf, break; } } + } if (k > 0) m[j].hi = k; else if (j == 0) @@ -380,7 +384,12 @@ int isolate_conflicts(struct file af, struct file bf, struct file cf, if (m[i].type == End) break; } - for (k = 1; k < m[i].al; k++) + for (k = 1; k < m[i].al; k++) { + if (m[i].a + k >= af.elcnt) + /* FIXME this should be impossible, but + * it happened. + */ + break; if (words || ends_line(af.list[m[i].a+k])) { if (unmatched) unmatched--; @@ -389,6 +398,7 @@ int isolate_conflicts(struct file af, struct file bf, struct file cf, if (extraneous) extraneous--; } + } } if (!show_wiggles) *wigglesp = wiggles; @@ -615,7 +625,7 @@ static int printrange(FILE *out, struct file *f, int start, int len, int offset) { int lines = 0; - while (len > 0) { + while (len > 0 && start < f->elcnt) { struct elmnt e = f->list[start]; printword(out, e); if (e.start[e.plen-1] == '\n' && -- 2.39.5