jdelony/llama.cpp
1
0
Fork 0
mirror of https://github.com/ggml-org/llama.cpp.git synced 2026-06-27 23:50:20 -05:00
Code Issues Packages Projects Releases Wiki Activity

server: fix edit_file crash on append at end of file (line_start -1) (#24893)

Browse Source 
line_start -1 normalized to n+1, so append inserted at lines.begin() + n + 1,
one past end() -> heap-buffer-overflow in vector::_M_range_insert.

Normalize -1 to n (insert at end()), restrict -1 to append mode and reject it
for replace/delete instead of silently clobbering the last line. Parenthesize
the insert offset so empty-file append computes the position as int first,
avoiding a transient begin() - 1 on a null vector data pointer.
This commit is contained in:
Pascal 2026-06-22 10:55:28 +02:00 committed by GitHub
parent 0ef6f06d55
commit d0f9d2e5ac
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
tools/server/server-tools.cpp
View File

@ -569,9 +569,13 @@ struct server_tool_edit_file : server_tool {
}
int n = (int) lines.size();
if (e.line_start == -1) {
// -1 means end of file; line_end is ignored — normalize to point past last line
e.line_start = n + 1;
e.line_end = n + 1;
// -1 targets end of file -> valid for append only; line_end is ignored
if (e.mode != "append") {
return {{"error", "line_start -1 (end of file) is only valid for append mode"}};
}
// append at end of file: insert position is the current line count
e.line_start = n;
e.line_end = n;
} else {
if (e.line_start < 1 || e.line_end < e.line_start) {
return {{"error", string_format("invalid line range [%d, %d]", e.line_start, e.line_end)}};
@ -612,8 +616,8 @@ struct server_tool_edit_file : server_tool {
} else if (e.mode == "delete") {
lines.erase(lines.begin() + idx_start, lines.begin() + idx_end + 1);
} else { // append
// idx_end + 1 may equal lines.size() when line_start == -1 (end of file)
lines.insert(lines.begin() + idx_end + 1, new_lines.begin(), new_lines.end());
// insert after idx_end; idx_end + 1 == lines.size() for end-of-file append
lines.insert(lines.begin() + (idx_end + 1), new_lines.begin(), new_lines.end());
}
}