commit 12d428aaff6d90cadeaca12367f4e14fa673e51c Author: Nick Mathewson nickm@torproject.org Date: Tue Mar 7 16:06:03 2017 -0500

Prop140: Fix a crash bug.

Found while fuzzing: this could occur if we tried to copy a nonexistent "line 0" while applying a diff. --- src/or/consdiff.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/or/consdiff.c b/src/or/consdiff.c index 16933de..c33bad1 100644 --- a/src/or/consdiff.c +++ b/src/or/consdiff.c @@ -742,7 +742,7 @@ apply_ed_diff(const smartlist_t *cons1, const smartlist_t *diff, }

/* Add unchanged lines. */ - for (; j > end; --j) { + for (; j && j > end; --j) { const char *cons_line = smartlist_get(cons1, j-1); smartlist_add(cons2, tor_strdup(cons_line)); }