summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEli Zaretskii <eliz@gnu.org>2012-04-20 17:08:55 +0300
committerEli Zaretskii <eliz@gnu.org>2012-04-20 17:08:55 +0300
commit73055685ff9e9d3557ab378e276d42d82952ac7c (patch)
tree68dd014c09f1b39bf287c9794bb920277ef46916
parent9ee9f4709c53bbf1240a8f4169674172dd458030 (diff)
downloademacs-73055685ff9e9d3557ab378e276d42d82952ac7c.tar.gz
Fix bug #11288 with overrunning array limits.
src/dispnew.c (swap_glyph_pointers, copy_row_except_pointers): Don't overrun array limits of glyph row's used[] array.
Diffstat
-rw-r--r--src/ChangeLog5
-rw-r--r--src/dispnew.c12
2 files changed, 13 insertions, 4 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 18b6ce1ad64..c232420d0b1 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2012-04-20 Eli Zaretskii <eliz@gnu.org>
+
+ * dispnew.c (swap_glyph_pointers, copy_row_except_pointers): Don't
+ overrun array limits of glyph row's used[] array. (Bug#11288)
+
2012-04-20 Chong Yidong <cyd@gnu.org>
* process.c (wait_reading_process_output): If EIO occurs on a pty,
diff --git a/src/dispnew.c b/src/dispnew.c
index 02d6de53bbf..b313852efe2 100644
--- a/src/dispnew.c
+++ b/src/dispnew.c
@@ -1085,12 +1085,16 @@ swap_glyph_pointers (struct glyph_row *a, struct glyph_row *b)
for (i = 0; i < LAST_AREA + 1; ++i)
{
struct glyph *temp = a->glyphs[i];
- short used_tem = a->used[i];
a->glyphs[i] = b->glyphs[i];
b->glyphs[i] = temp;
- a->used[i] = b->used[i];
- b->used[i] = used_tem;
+ if (i < LAST_AREA)
+ {
+ short used_tem = a->used[i];
+
+ a->used[i] = b->used[i];
+ b->used[i] = used_tem;
+ }
}
a->hash = b->hash;
b->hash = hash_tem;
@@ -1105,7 +1109,7 @@ static inline void
copy_row_except_pointers (struct glyph_row *to, struct glyph_row *from)
{
struct glyph *pointers[1 + LAST_AREA];
- short used[1 + LAST_AREA];
+ short used[LAST_AREA];
unsigned hashval;
/* Save glyph pointers of TO. */
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-20 15:46:28 +0000