Ticket UUID: 41bb23e65002895e71d5ff1670f2e72037d82678
Title: win32 fossil commit stops if many files added or edited.
Status: Fixed
Type: Code_Defect
Severity: Minor
Priority: Immediate
Subsystem:
Resolution: Open
Last Modified: 2008-10-26 02:29:47
Version Found In: a1f727be9d
Description & Comments:
'blob_add_cr()' (declared in "blob.c") has a buffer overrun if it needs to call 'blob_resize()'.

'blob_add_cr()' increases 'Blob#nUsed' if the Blob includes '\n', and 'blob_resize()' updates it, too. That then causes a buffer overrun.

Here is my replacement:

    void blob_add_cr(Blob *p){
      char *z = p->aData;
      int j = p->nUsed;
      int i, n;
      /* Count the '\n' bytes; each one needs one extra byte for '\r'. */
      for(i=n=0; i<j; i++){
        if( z[i]=='\n' ) n++;
      }
      j += n;
      /* Grow once to the final size, then reload the data pointer. */
      if( j>=p->nAlloc ){
        blob_resize(p, j);
        z = p->aData;
      }
      p->nUsed = j;
      z[j] = 0;
      /* Copy backwards in place, writing '\r' in front of each '\n'. */
      while( j>i ){
        if( (z[--j] = z[--i]) =='\n' ){
          z[--j] = '\r';
        }
      }
    }
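A regression check for the replacement in the ticket above, added here as an example and not part of the ticket or of Fossil's source. `Blob` and `blob_resize()` are constructed stand-ins, assuming `blob_resize(p, n)` leaves room for n bytes plus a terminator and sets `nUsed`; `check_add_cr()` is a hypothetical helper that allocates the input with no slack so any '\n' forces the resize path.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for the Blob type: only the fields the ticket names. */
typedef struct Blob { int nUsed, nAlloc; char *aData; } Blob;

/* Assumed contract: room for n bytes plus a terminator, nUsed set to n. */
static void blob_resize(Blob *p, int n){
  char *z = realloc(p->aData, n + 1);
  if( z==0 ) abort();
  p->aData = z; p->nAlloc = n + 1; p->nUsed = n;
  z[n] = 0;
}

/* The replacement posted in the ticket, logic unchanged. */
static void blob_add_cr(Blob *p){
  char *z = p->aData;
  int j = p->nUsed;
  int i, n;
  for(i=n=0; i<j; i++){ if( z[i]=='\n' ) n++; }
  j += n;                         /* final size is known before any write */
  if( j>=p->nAlloc ){
    blob_resize(p, j);
    z = p->aData;                 /* realloc may have moved the buffer */
  }
  p->nUsed = j;
  z[j] = 0;
  while( j>i ){
    if( (z[--j] = z[--i]) =='\n' ){
      z[--j] = '\r';
    }
  }
}

/* Hypothetical helper: 1 if `in` becomes `want` and nUsed stays in bounds. */
static int check_add_cr(const char *in, const char *want){
  Blob b;
  int n = (int)strlen(in), ok;
  b.aData = malloc(n + 1);        /* tight allocation, no slack for '\r' */
  if( b.aData==0 ) abort();
  memcpy(b.aData, in, n + 1);
  b.nUsed = n; b.nAlloc = n + 1;
  blob_add_cr(&b);
  ok = b.nUsed==(int)strlen(want) && b.nUsed<b.nAlloc
    && memcmp(b.aData, want, b.nUsed + 1)==0;
  free(b.aData);
  return ok;
}

int main(void){ return check_add_cr("a\nb\n", "a\r\nb\r\n") ? 0 : 1; }
```

Building this with AddressSanitizer (`-fsanitize=address`) makes any write past the allocation fail the run immediately.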