Avoid memory access errors if llength() overflows llength() is currently a 'short' which can overflow and result in signed numbers if line lengths are larger than 32k. We'll fix the overflow separately, but before we do that, just use a signed int to hold the value so that we don't overrun memory allocations when we converted that negative number to a large positive unsigned integer. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 25f0141df133f3522c6d23ddd96ae341813b9638 [log] [tgz]
author: Linus Torvalds <torvalds@linux-foundation.org> Fri Feb 22 14:29:43 2013 -0800
committer: Linus Torvalds <torvalds@linux-foundation.org> Fri Feb 22 14:29:43 2013 -0800
tree: c4036efca6e2a437275886d9408d11b0fa9a7f3a
parent: 8899ed4e1f076d6f3c400731992210513bb629d3 [diff]
diff --git a/display.c b/display.c
index 5323c30..d6d3dba 100644
--- a/display.c
+++ b/display.c

@@ -442,7 +442,7 @@
 
 static void show_line(struct line *lp)
 {
-	unsigned i = 0, len = llength(lp);
+	int i = 0, len = llength(lp);
 
 	while (i < len) {
 		unicode_t c;
commit	25f0141df133f3522c6d23ddd96ae341813b9638	[log] [tgz]
author	Linus Torvalds <torvalds@linux-foundation.org>	Fri Feb 22 14:29:43 2013 -0800
committer	Linus Torvalds <torvalds@linux-foundation.org>	Fri Feb 22 14:29:43 2013 -0800
tree	c4036efca6e2a437275886d9408d11b0fa9a7f3a
parent	8899ed4e1f076d6f3c400731992210513bb629d3 [diff]