Suspicious code in builtin-fast-export.c

export_marks() has this code:

	struct object_decoration *deco = idnums.hash;
...
	for (i = 0; i < idnums.size; ++i) {
		deco++;
		if (deco && deco->base && deco->base->type == 1) {
...
		}
	}

I see that deco is off by one here at the end of the idnums.hash array
(and, btw, the check for 'deco &&' is always true). Indeed, this crashes
on Windows, and I can make it crash on Linux with this patch (which
overallocates a bit and writes junk into that space):

diff --git a/wrapper.c b/wrapper.c
index 4e04f76..658925e 100644
--- a/wrapper.c
+++ b/wrapper.c
@@ -72,7 +72,7 @@ void *xrealloc(void *ptr, size_t size)

 void *xcalloc(size_t nmemb, size_t size)
 {
-	void *ret = calloc(nmemb, size);
+	void *ret = calloc(nmemb+1, size);
 	if (!ret && (!nmemb || !size))
 		ret = calloc(1, 1);
 	if (!ret) {
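Review bot: the `calloc(nmemb+1, size)` over-allocation is debugging instrumentation rather than a fix, and that is not visible from the hunk itself; add a comment above the call (or an `#ifdef` guard) saying it exists only to make the fast-export over-read observable, so it is not mistaken for an intended change. Note also that `nmemb+1` wraps to 0 when `nmemb` is `SIZE_MAX`, which then asks `calloc` for zero elements; harmless for a local reproduction, but worth a comment for the same reason.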
@@ -83,6 +83,7 @@ void *xcalloc(size_t nmemb, size_t size)
 		if (!ret)
 			die("Out of memory, calloc failed");
 	}
+	memset(ret+nmemb*size, 0xDE, size);
 	return ret;
 }
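Review bot: `ret+nmemb*size` does pointer arithmetic on a `void *`, which is a GCC extension rather than standard C; write `(char *)ret + nmemb*size` so the poison fill compiles (and means the same thing) on other compilers. Separately, when the first `calloc` fails and the `ret = calloc(1, 1)` fallback is taken with `nmemb == 0` and `size > 1`, the `memset` writes `size` bytes into a one-byte block; clamping the fill to the allocated length, or skipping it on the fallback path, keeps the instrumentation from introducing its own overflow.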

-- 
1.5.6.64.gd77fe
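The loop defect described in the message, as an added example that is not part of the original post or of git's own code. It uses a constructed stand-in for the decoration table (the struct and field names mirror the quoted snippet, but the layout and the sample contents are assumptions), reproduces the index arithmetic of the quoted loop under a bounds check so the out-of-range step is recorded rather than performed, and places the corrected walk beside it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the decoration table: a hash slot points at a
 * base object (NULL when the slot is empty) and the object carries a type.
 * Type 1 plays the role of "commit", as in the quoted condition. */
struct object {
	int type;
};

struct object_decoration {
	struct object *base;
};

struct decoration {
	struct object_decoration *hash;
	size_t size;
};

/* What a walk over the table touched. */
struct walk_result {
	size_t commits;        /* slots holding a type-1 (commit) object */
	size_t first_index;    /* first slot index the loop used */
	size_t last_index;     /* last slot index the loop used */
	int touched_past_end;  /* 1 if some index was >= size */
};

/* Mirrors the index arithmetic of the quoted export_marks() loop:
 * advance first, then use. Every access is bounds-checked, so instead
 * of reading idnums.hash[size] the function records that it got there. */
struct walk_result walk_like_export_marks(const struct decoration *idnums)
{
	struct walk_result r = { 0, 0, 0, 0 };
	size_t i, idx = 0;

	for (i = 0; i < idnums->size; ++i) {
		idx++;                        /* the "deco++" before first use */
		if (i == 0)
			r.first_index = idx;  /* slot 0 is never visited */
		r.last_index = idx;
		if (idx >= idnums->size) {    /* the original would read here */
			r.touched_past_end = 1;
			continue;
		}
		if (idnums->hash[idx].base && idnums->hash[idx].base->type == 1)
			r.commits++;
	}
	return r;
}

/* Corrected walk: use the slot, then advance, so indices 0..size-1 are
 * visited exactly once. The "deco &&" test is dropped because a pointer
 * into a live array is never NULL, as the message points out. */
struct walk_result walk_fixed(const struct decoration *idnums)
{
	struct walk_result r = { 0, 0, 0, 0 };
	const struct object_decoration *deco = idnums->hash;
	size_t i;

	for (i = 0; i < idnums->size; ++i, ++deco) {
		r.last_index = i;
		if (deco->base && deco->base->type == 1)
			r.commits++;
	}
	return r;
}

/* Constructed sample table: slots 0 and 2 hold commits, slot 1 is empty,
 * slot 3 holds a non-commit object. */
static struct object sample_objs[3] = { { 1 }, { 1 }, { 2 } };
static struct object_decoration sample_hash[4] = {
	{ &sample_objs[0] }, { NULL }, { &sample_objs[1] }, { &sample_objs[2] }
};
static const struct decoration sample = { sample_hash, 4 };

int main(void)
{
	struct walk_result bad = walk_like_export_marks(&sample);
	struct walk_result good = walk_fixed(&sample);

	printf("original loop: %zu commits, first index %zu, last index %zu, past end: %d\n",
	       bad.commits, bad.first_index, bad.last_index, bad.touched_past_end);
	printf("fixed loop:    %zu commits, first index %zu, last index %zu, past end: %d\n",
	       good.commits, good.first_index, good.last_index, good.touched_past_end);
	return 0;
}
```

On the sample table the original arithmetic starts at slot 1, reaches index 4 on the last iteration, and counts one commit; the fixed loop covers slots 0 through 3 and counts both. The over-allocation patch in the message makes the same last step visible in the real binary by putting non-zero bytes where `hash[size]` would be read.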
