From 19c31231fac828bb336db67b8cccc871bea1500e Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Wed, 4 Jan 2012 08:59:15 +0000
Subject: ui-ssdiff.c: correct length check for LCS table

Each individual string may be too long for its respective
dimension of the LCS table.

Signed-off-by: Eric Wong <normalperson@yhbt.net>
---
 ui-ssdiff.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/ui-ssdiff.c b/ui-ssdiff.c
index 9fb5b11..45770b1 100644
--- a/ui-ssdiff.c
+++ b/ui-ssdiff.c
@@ -42,14 +42,12 @@ static char *longest_common_subsequence(char *A, char *B)
 	int i, j, ri;
 	int m = strlen(A);
 	int n = strlen(B);
-	int tmp1, tmp2, length;
+	int tmp1, tmp2;
 	int lcs_length;
 	char *result;
 
-	length = (m + 1) * (n + 1);
-
 	// We bail if the lines are too long
-	if (length > MAX_SSDIFF_SIZE)
+	if (m >= MAX_SSDIFF_M || n >= MAX_SSDIFF_N)
 		return NULL;
 
 	create_or_reset_lcs_table();
-- 
cgit v1.2.3-59-g8ed1b


From 6a575b8900734a4640427416885e73c83af70736 Mon Sep 17 00:00:00 2001
From: Jamie Couture <jamie.couture@gmail.com>
Date: Wed, 11 Jan 2012 22:38:49 -0500
Subject: use correct type for sizeof

**L would have worked well too.  Depending on the distribution sizeof *L
may return 8 instead of 4. **L is preferable, but since we don't expect
this datatype to change very often, sizeof int is less subtle and easier
to understand.

Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
---
 ui-ssdiff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui-ssdiff.c b/ui-ssdiff.c
index 45770b1..0cff4b8 100644
--- a/ui-ssdiff.c
+++ b/ui-ssdiff.c
@@ -23,7 +23,7 @@ static void create_or_reset_lcs_table()
 	int i;
 
 	if (L != NULL) {
-		memset(*L, 0, sizeof(*L) * MAX_SSDIFF_SIZE);
+		memset(*L, 0, sizeof(int) * MAX_SSDIFF_SIZE);
 		return;
 	}
 
-- 
cgit v1.2.3-59-g8ed1b


From 21418ec42a9a2de4c2c22eca7a1183b311914eca Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Wed, 4 Jan 2012 09:01:51 +0000
Subject: segfault fix on some bogus requests

ctx.qry.head can be NULL in some cases due to bad requests
by weird bots.  I managed to reproduce with:

   PATH_INFO=/repo.git/shop.php QUERY_STRING=id=

Signed-off-by: Eric Wong <normalperson@yhbt.net>
---
 ui-shared.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui-shared.c b/ui-shared.c
index 3e9282f..d7d75bf 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -294,7 +294,7 @@ void cgit_log_link(const char *name, const char *title, const char *class,
 	char *delim;
 
 	delim = repolink(title, class, "log", head, path);
-	if (rev && strcmp(rev, ctx.qry.head)) {
+	if (rev && ctx.qry.head && strcmp(rev, ctx.qry.head)) {
 		html(delim);
 		html("id=");
 		html_url_arg(rev);
@@ -338,7 +338,7 @@ void cgit_commit_link(char *name, const char *title, const char *class,
 	char *delim;
 
 	delim = repolink(title, class, "commit", head, path);
-	if (rev && strcmp(rev, ctx.qry.head)) {
+	if (rev && ctx.qry.head && strcmp(rev, ctx.qry.head)) {
 		html(delim);
 		html("id=");
 		html_url_arg(rev);
-- 
cgit v1.2.3-59-g8ed1b