Fossil SCM
Fix possible array-bounds overflow in the timeline graph computation.
Commit
202d3ea2b5aa1d0b759dadac46e04eb708e7f880ec459c89737f3ab4403b4a16
Parent
77250c94b0197c2…
1 file changed
+1
-1
+1
-1
| --- src/graph.c | ||
| +++ src/graph.c | ||
| @@ -121,11 +121,11 @@ | ||
| 121 | 121 | u8 hasOffsetMergeRiser; /* Merge arrow from leaf goes up on a different |
| 122 | 122 | ** rail that the node */ |
| 123 | 123 | u8 bOverfull; /* Unable to allocate sufficient rails */ |
| 124 | 124 | u64 mergeRail; /* Rails used for merge lines */ |
| 125 | 125 | GraphRow **apHash; /* Hash table of GraphRow objects. Key: rid */ |
| 126 | - u8 aiRailMap[GR_MAX_RAIL]; /* Mapping of rails to actually columns */ | |
| 126 | + u8 aiRailMap[GR_MAX_RAIL+1]; /* Mapping of rails to actually columns */ | |
| 127 | 127 | }; |
| 128 | 128 | |
| 129 | 129 | #endif |
| 130 | 130 | |
| 131 | 131 | /* The N-th bit */ |
| 132 | 132 |
| --- src/graph.c | |
| +++ src/graph.c | |
| @@ -121,11 +121,11 @@ | |
| 121 | u8 hasOffsetMergeRiser; /* Merge arrow from leaf goes up on a different |
| 122 | ** rail that the node */ |
| 123 | u8 bOverfull; /* Unable to allocate sufficient rails */ |
| 124 | u64 mergeRail; /* Rails used for merge lines */ |
| 125 | GraphRow **apHash; /* Hash table of GraphRow objects. Key: rid */ |
| 126 | u8 aiRailMap[GR_MAX_RAIL]; /* Mapping of rails to actually columns */ |
| 127 | }; |
| 128 | |
| 129 | #endif |
| 130 | |
| 131 | /* The N-th bit */ |
| 132 |
| --- src/graph.c | |
| +++ src/graph.c | |
| @@ -121,11 +121,11 @@ | |
| 121 | u8 hasOffsetMergeRiser; /* Merge arrow from leaf goes up on a different |
| 122 | ** rail that the node */ |
| 123 | u8 bOverfull; /* Unable to allocate sufficient rails */ |
| 124 | u64 mergeRail; /* Rails used for merge lines */ |
| 125 | GraphRow **apHash; /* Hash table of GraphRow objects. Key: rid */ |
| 126 | u8 aiRailMap[GR_MAX_RAIL+1]; /* Mapping of rails to actually columns */ |
| 127 | }; |
| 128 | |
| 129 | #endif |
| 130 | |
| 131 | /* The N-th bit */ |
| 132 |