Avoid memory access errors if llength() overflows
llength() is currently a 'short' which can overflow and result in signed
numbers if line lengths are larger than 32k. We'll fix the overflow
separately, but before we do that, just use a signed int to hold the
value so that we don't overrun memory allocations when we converted that
negative number to a large positive unsigned integer.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
diff --git a/display.c b/display.c
index 5323c30..d6d3dba 100644
--- a/display.c
+++ b/display.c
@@ -442,7 +442,7 @@
static void show_line(struct line *lp)
{
- unsigned i = 0, len = llength(lp);
+ int i = 0, len = llength(lp);
while (i < len) {
unicode_t c;