Permalink
Browse files

In grid_duplicate_lines, if the line is empty (cellsize == 0) then clear

the destination celldata pointer rather than leaving a stale copy of the
source pointer (which may later be freed). Fixes a crash found by
Kuang-che Wu.
  • Loading branch information...
nicm
nicm committed Aug 24, 2015
1 parent 58b659a commit 3219e0314e3d1d39a57db330faa5693ce0264244
Showing with 2 additions and 1 deletion.
  1. +2 −1 grid.c
View
3 grid.c
@@ -652,7 +652,8 @@ grid_duplicate_lines(struct grid *dst, u_int dy, struct grid *src, u_int sy,
srcl->cellsize, sizeof *dstl->celldata);
memcpy(dstl->celldata, srcl->celldata,
srcl->cellsize * sizeof *dstl->celldata);
- }
+ } else
+ dstl->celldata = NULL;
sy++;
dy++;

0 comments on commit 3219e03

Please sign in to comment.