Fixed two buffer handling errors in vector.c

- remove() would read one-past array bounds. - resize() would fail if the initial size was 1, because it multiplied by 1.75 and truncated the resulting value. The buffer would always remain at size 1, but elements would repeatedly be appended (via insert()) causing a crash.
author: Alex Budovski <abudovski@gmail.com> 2011-01-07 11:35:43 +1100
committer: Vicent Marti <tanoku@gmail.com> 2011-01-08 22:17:52 +0200
commit: a17777d161583401983a6dc1e5a659c9dc2f5257 (patch)
tree: 3f74aa73efdde83205a2938a05dc9cf15ff27a50 /src/vector.c
parent: 9ace34c8deb97cb18aafe6bf2aa4a6b69dd5f117 (diff)
download: libgit2-a17777d161583401983a6dc1e5a659c9dc2f5257.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/vector.c b/src/vector.c
index 47e8ce845..325f34306 100644
--- a/src/vector.c
+++ b/src/vector.c
@@ -34,7 +34,7 @@ static int resize_vector(git_vector *v)
 {
 	void **new_contents;
 
-	v->_alloc_size = (unsigned int)(v->_alloc_size * resize_factor);
+	v->_alloc_size = ((unsigned int)(v->_alloc_size * resize_factor)) + 1;
 	if (v->_alloc_size == 0)
 		v->_alloc_size = minimum_size;
 
@@ -130,7 +130,7 @@ int git_vector_remove(git_vector *v, unsigned int idx)
 	if (idx >= v->length || v->length == 0)
 		return GIT_ENOTFOUND;
 
-	for (i = idx; i < v->length; ++i)
+	for (i = idx; i < v->length - 1; ++i)
 		v->contents[i] = v->contents[i + 1];
 
 	v->length--;
author	Alex Budovski <abudovski@gmail.com>	2011-01-07 11:35:43 +1100
committer	Vicent Marti <tanoku@gmail.com>	2011-01-08 22:17:52 +0200
commit	a17777d161583401983a6dc1e5a659c9dc2f5257 (patch)
tree	3f74aa73efdde83205a2938a05dc9cf15ff27a50 /src/vector.c
parent	9ace34c8deb97cb18aafe6bf2aa4a6b69dd5f117 (diff)
download	libgit2-a17777d161583401983a6dc1e5a659c9dc2f5257.tar.gz