mwindow: make sure the whole range is contained inside the same window Looking through the open windows to check whether we can re-use an open window should take into account whether both `offset` and `offset + extra` are contained within the same window. Failure to do so can lead to invalid memory accesses. This closes #614. While we're in the area remove an outdated assert.
diff --git a/src/mwindow.c b/src/mwindow.c
index 39f6aea..f657d9d 100644
--- a/src/mwindow.c
+++ b/src/mwindow.c
@@ -211,13 +211,15 @@ unsigned char *git_mwindow_open(
git_mwindow_ctl *ctl = &GIT_GLOBAL->mem_ctl;
git_mwindow *w = *cursor;
- if (!w || !git_mwindow_contains(w, offset + extra)) {
+ if (!w || !(git_mwindow_contains(w, offset) &&
+ git_mwindow_contains(w, offset + extra))) {
if (w) {
w->inuse_cnt--;
}
for (w = mwf->windows; w; w = w->next) {
- if (git_mwindow_contains(w, offset + extra))
+ if (git_mwindow_contains(w, offset) &&
+ git_mwindow_contains(w, offset + extra))
break;
}
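Review bot: The two-sided range predicate added at lines 10-11 and repeated verbatim at 17-18 encodes the invariant the commit message describes, but neither site records which end of the window `git_mwindow_contains` treats as inclusive, and that decides whether `offset + extra` is the correct upper probe: if `contains` is strict at the top (`off < win_off + len`), a caller needing `extra` bytes from `offset` only touches up to `offset + extra - 1`, so this check rejects a window that ends exactly at the range; if it is inclusive, the check is exact. I would fold the duplicated predicate into one `static` helper so the convention is written down once, e.g. `static int mwindow_contains_range(git_mwindow *w, git_off_t offset, size_t extra) { return git_mwindow_contains(w, offset) && git_mwindow_contains(w, offset + extra); }` preceded by a comment stating the inclusive/exclusive rule and that the caller is responsible for `offset + extra` not overflowing. Both call sites then read `if (!w || !mwindow_contains_range(w, offset, extra))` and `if (mwindow_contains_range(w, offset, extra))`. The types of `offset` and `extra` are not visible in this hunk, so the helper's parameter types should be taken from `git_mwindow_open`'s signature, which starts above the hunk.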
@@ -242,7 +244,6 @@ unsigned char *git_mwindow_open(
}
offset -= w->offset;
- assert(git__is_sizet(offset));
if (left)
*left = (unsigned int)(w->window_map.len - offset);
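Review bot: With the `git__is_sizet(offset)` assert removed at line 24, the only thing keeping `w->window_map.len - offset` at line 26 in range is the containment check done earlier in the function (in the previous hunk), which after `offset -= w->offset` should leave `offset` non-negative and no larger than the mapping; that dependence deserves a one-line comment at line 23 so a later reader neither reinstates the stale assert nor loosens the earlier check, e.g. `/* w was chosen to contain offset, so 0 <= offset <= window_map.len once rebased */`. Separately, the `(unsigned int)` cast narrows a `size_t`-sized difference; if a window mapping can ever exceed UINT_MAX bytes, `*left` wraps silently — the hunk does not show the window-size limits, so treat this as something to confirm against them rather than a defect I can assert. The enclosing function `git_mwindow_open` starts before this hunk and continues after it.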