From 08f16e2fc777e965cc10fa09dd08911f9cd77891 Mon Sep 17 00:00:00 2001
From: David Lawrence Ramsey <pooka109@gmail.com>
Date: Thu, 11 May 2006 01:53:33 +0000
Subject: [PATCH] in free_chararray(), assert that array isn't NULL, for
 consistency with the other free_.*() functions; also fix potential memory
 corruption problem when copying text

git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@3500 35c25a1d-7b9e-4130-9fde-d3aeb78583b8
---
 ChangeLog   |  3 +++
 src/cut.c   | 16 ++++++++++++----
 src/files.c |  2 ++
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index aa59a4dc..c1674fb3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -106,6 +106,9 @@ CVS code -
 	  writing one for prepending fails. (DLR)
 	- Simplify the routine for closing the file just before we
 	  indicate success on the statusbar. (DLR)
+  free_chararray()
+	- Assert that array isn't NULL, for consistency with the other
+	  free_.*() functions. (DLR)
 - global.c:
   shortcut_init()
 	- Change the cursor position display help text to use "display"
diff --git a/src/cut.c b/src/cut.c
index ec224b9f..e54ff3a1 100644
--- a/src/cut.c
+++ b/src/cut.c
@@ -114,6 +114,9 @@ void do_cut_text(
     filestruct *cb_save = NULL;
 	/* The current end of the cutbuffer, before we add text to
 	 * it. */
+    size_t cb_save_len = 0;
+	/* The length of the string at the current end of the cutbuffer,
+	 * before we add text to it.  */
     bool old_mark_set = openfile->mark_set;
     bool old_no_newlines = ISSET(NO_NEWLINES);
 #endif
@@ -138,7 +141,7 @@ void do_cut_text(
 	    /* If the cutbuffer isn't empty, save where it currently
 	     * ends.  This is where the new text will be added. */
 	    cb_save = cutbottom;
-	    cb_save->data += strlen(cb_save->data);
+	    cb_save_len = strlen(cb_save->data);
 	}
 
 	/* Set NO_NEWLINES to TRUE, so that we don't disturb the last
@@ -173,9 +176,14 @@ void do_cut_text(
 	 * there is one, back into the filestruct.  This effectively
 	 * uncuts the text we just cut without marking the file as
 	 * modified. */
-	if (cutbuffer != NULL)
-	    copy_from_filestruct((cb_save != NULL) ? cb_save :
-		cutbuffer, cutbottom);
+	if (cutbuffer != NULL) {
+	    if (cb_save != NULL) {
+		cb_save->data += cb_save_len;
+		copy_from_filestruct(cb_save, cutbottom);
+		cb_save->data -= cb_save_len;
+	    } else
+		copy_from_filestruct(cutbuffer, cutbottom);
+	}
 
 	/* Set NO_NEWLINES back to what it was before, since we're done
 	 * disturbing the text. */
diff --git a/src/files.c b/src/files.c
index ff58840d..248849fa 100644
--- a/src/files.c
+++ b/src/files.c
@@ -1968,6 +1968,8 @@ int diralphasort(const void *va, const void *vb)
  * elements. */
 void free_chararray(char **array, size_t len)
 {
+    assert(array != NULL);
+
     for (; len > 0; len--)
 	free(array[len - 1]);
     free(array);
-- 
GitLab