From 112973615a78ce61fd6e767128df03b075be72ca Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Sat, 14 Mar 2009 18:41:47 -0700
Subject: fix segfault when displaying empty blobs

When size is zero, subtracting one from it turns it into
ULONG_MAX which causes an out-of-bounds access on buf.

Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
---
 ui-tree.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/ui-tree.c b/ui-tree.c
index c6159ec..553dbaa 100644
--- a/ui-tree.c
+++ b/ui-tree.c
@@ -25,11 +25,14 @@ static void print_text_buffer(char *buf, unsigned long size)
 	html("<tr><td class='linenumbers'><pre>");
 	idx = 0;
 	lineno = 0;
-	htmlf(numberfmt, ++lineno);
-	while(idx < size - 1) { // skip absolute last newline
-		if (buf[idx] == '\n')
-			htmlf(numberfmt, ++lineno);
-		idx++;
+
+	if (size) {
+		htmlf(numberfmt, ++lineno);
+		while(idx < size - 1) { // skip absolute last newline
+			if (buf[idx] == '\n')
+				htmlf(numberfmt, ++lineno);
+			idx++;
+		}
 	}
 	html("</pre></td>\n");
 	html("<td class='lines'><pre><code>");
-- 
cgit v1.2.3