Avoid memory access errors if llength() overflows

llength() is currently a 'short' which can overflow and result in signed numbers if line lengths are larger than 32k. We'll fix the overflow separately, but before we do that, just use a signed int to hold the value so that we don't overrun memory allocations when we converted that negative number to a large positive unsigned integer. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-02-22 14:29:43 -0800
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-02-22 14:29:43 -0800
commit: 25f0141df133f3522c6d23ddd96ae341813b9638 (patch)
tree: c4036efca6e2a437275886d9408d11b0fa9a7f3a
parent: 8899ed4e1f076d6f3c400731992210513bb629d3 (diff)
download: uemacs-25f0141df133f3522c6d23ddd96ae341813b9638.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/display.c b/display.c
index 5323c30..d6d3dba 100644
--- a/display.c
+++ b/display.c
@@ -442,7 +442,7 @@ static int reframe(struct window *wp)
 
 static void show_line(struct line *lp)
 {
-	unsigned i = 0, len = llength(lp);
+	int i = 0, len = llength(lp);
 
 	while (i < len) {
 		unicode_t c;
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-02-22 14:29:43 -0800
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-02-22 14:29:43 -0800
commit	25f0141df133f3522c6d23ddd96ae341813b9638 (patch)
tree	c4036efca6e2a437275886d9408d11b0fa9a7f3a
parent	8899ed4e1f076d6f3c400731992210513bb629d3 (diff)
download	uemacs-25f0141df133f3522c6d23ddd96ae341813b9638.tar.gz