From 73055685ff9e9d3557ab378e276d42d82952ac7c Mon Sep 17 00:00:00 2001 From: Eli Zaretskii Date: Fri, 20 Apr 2012 17:08:55 +0300 Subject: [PATCH] Fix bug #11288 with overrunning array limits. src/dispnew.c (swap_glyph_pointers, copy_row_except_pointers): Don't overrun array limits of glyph row's used[] array. --- src/ChangeLog | 5 +++++ src/dispnew.c | 12 ++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/src/ChangeLog b/src/ChangeLog index 18b6ce1ad64..c232420d0b1 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2012-04-20 Eli Zaretskii + + * dispnew.c (swap_glyph_pointers, copy_row_except_pointers): Don't + overrun array limits of glyph row's used[] array. (Bug#11288) + 2012-04-20 Chong Yidong * process.c (wait_reading_process_output): If EIO occurs on a pty, diff --git a/src/dispnew.c b/src/dispnew.c index 02d6de53bbf..b313852efe2 100644 --- a/src/dispnew.c +++ b/src/dispnew.c @@ -1085,12 +1085,16 @@ swap_glyph_pointers (struct glyph_row *a, struct glyph_row *b) for (i = 0; i < LAST_AREA + 1; ++i) { struct glyph *temp = a->glyphs[i]; - short used_tem = a->used[i]; a->glyphs[i] = b->glyphs[i]; b->glyphs[i] = temp; - a->used[i] = b->used[i]; - b->used[i] = used_tem; + if (i < LAST_AREA) + { + short used_tem = a->used[i]; + + a->used[i] = b->used[i]; + b->used[i] = used_tem; + } } a->hash = b->hash; b->hash = hash_tem; @@ -1105,7 +1109,7 @@ static inline void copy_row_except_pointers (struct glyph_row *to, struct glyph_row *from) { struct glyph *pointers[1 + LAST_AREA]; - short used[1 + LAST_AREA]; + short used[LAST_AREA]; unsigned hashval; /* Save glyph pointers of TO. */ -- 2.39.2