From 31e80290a1a08a24780a0cbedd3a400fccd80a8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?=
Date: Wed, 4 Apr 2012 16:21:52 +0200
Subject: [PATCH] mwindow: make sure the whole range is contained inside the same window

Looking through the open windows to check whether we can re-use an open window should take into account whether both `offset` and `offset + extra` are contained within the same window. Failure to do so can lead to invalid memory accesses. This closes #614. While we're in the area remove an outdated assert.
---
 src/mwindow.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/mwindow.c b/src/mwindow.c
index 39f6aeacc..f657d9d34 100644
--- a/src/mwindow.c
+++ b/src/mwindow.c
@@ -211,13 +211,15 @@ unsigned char *git_mwindow_open(
 	git_mwindow_ctl *ctl = &GIT_GLOBAL->mem_ctl;
 	git_mwindow *w = *cursor;
-	if (!w || !git_mwindow_contains(w, offset + extra)) {
+	if (!w || !(git_mwindow_contains(w, offset) &&
+		git_mwindow_contains(w, offset + extra))) {
 		if (w) {
 			w->inuse_cnt--;
 		}
 		for (w = mwf->windows; w; w = w->next) {
-			if (git_mwindow_contains(w, offset + extra))
+			if (git_mwindow_contains(w, offset) &&
+				git_mwindow_contains(w, offset + extra))
 				break;
 		}
@@ -242,7 +244,6 @@ unsigned char *git_mwindow_open(
 	}
 	offset -= w->offset;
-	assert(git__is_sizet(offset));
 	if (left) *left = (unsigned int)(w->window_map.len - offset);
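Review bot: The new two-sided containment test on the `if (!w || ...)` line and again inside the `for` loop still computes `offset + extra` unchecked, so a negative or oversized caller-supplied `extra` (the parameter types are in the signature of git_mwindow_open, outside the hunk) could wrap the sum and make both `git_mwindow_contains` calls answer for the wrong range; a guard such as `if (extra < 0) return NULL;` ahead of the first test, or a range check against the window size, would pin that down. The test is also written out twice in identical form, which invites the two sites drifting apart; a one-line comment on the first site would at least record the intent: `/* both ends of [offset, offset + extra] must map into the same window, or the read runs past the first mapping */`. Note that `offset -= w->offset` in the second hunk, which lost its assert, now relies entirely on this containment check to keep the subtraction non-negative and below `window_map.len` before the `(unsigned int)` cast, so that dependency is worth stating in a comment there as well.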