fix segfault when displaying empty blobs

When size is zero, subtracting one from it turns it into
ULONG_MAX which causes an out-of-bounds access on buf.

Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>

diff --git a/ui-tree.c b/ui-tree.c
index c6159ec3df97e059e1cd894202b4173172e9c9c1..553dbaa5a27e60ebad594d23cc842895bdf4beed 100644 (file)
--- a/ui-tree.c
+++ b/ui-tree.c
@@ -25,11 +25,14 @@ static void print_text_buffer(char *buf, unsigned long size)
        html("<tr><td class='linenumbers'><pre>");
        idx = 0;
        lineno = 0;
-       htmlf(numberfmt, ++lineno);
-       while(idx < size - 1) { // skip absolute last newline
-               if (buf[idx] == '\n')
-                       htmlf(numberfmt, ++lineno);
-               idx++;
+
+       if (size) {
+               htmlf(numberfmt, ++lineno);
+               while(idx < size - 1) { // skip absolute last newline
+                       if (buf[idx] == '\n')
+                               htmlf(numberfmt, ++lineno);
+                       idx++;
+               }
        }
        html("</pre></td>\n");
        html("<td class='lines'><pre><code>");