From b03d52e6d93c1133aeaed71379ed9a64ada97790 Mon Sep 17 00:00:00 2001
From: John Mark Bell <jmb@netsurf-browser.org>
Date: Fri, 29 May 2009 23:23:02 +0000
Subject: Ensure we don't read beyond the end of the array of available
 matches. Set any remaining saved pointers to NULL.

svn path=/trunk/netsurf/; revision=7641
---
 riscos/url_complete.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'riscos')

diff --git a/riscos/url_complete.c b/riscos/url_complete.c
index 81600f262..b242afb3f 100644
--- a/riscos/url_complete.c
+++ b/riscos/url_complete.c
@@ -146,10 +146,16 @@ bool ro_gui_url_complete_keypress(struct gui_window *g, uint32_t key)
 		lines = MAXIMUM_VISIBLE_LINES;
 		if (lines > url_complete_matches_available)
 			lines = url_complete_matches_available;
-		if (url_complete_matches)
-			for (i = 0; i < MAXIMUM_VISIBLE_LINES; i++)
-				url_complete_redraw[i] =
+		if (url_complete_matches) {
+			for (i = 0; i < MAXIMUM_VISIBLE_LINES; i++) {
+				if (i < lines) {
+					url_complete_redraw[i] = 
 						url_complete_matches[i];
+				} else {
+					url_complete_redraw[i] = NULL;
+				}
+			}
+		}
 
 		/* our selection gets wiped */
 		error = xwimp_force_redraw(dialog_url_complete,
-- 
cgit v1.2.3