Fix off-by-one in buffer cloning that can cause double free().
Fixes issue #284.
diff --git a/THANKS b/THANKS
index 8385d32..2a6c58e 100644
--- a/THANKS
+++ b/THANKS
@@ -102,6 +102,7 @@
Rikard Falkeborn <rikard.falkeborn@gmail.com>
Robert Norris <rw_norris@hotmail.com>
Roberto Tirabassi <rtirabassi@3di.it>
+robhz786 <robhz786@gmail.com>
Roland Ortloff <Ortloff.R@gmx.de>
Rosen Penev <rosenp@gmail.com>
Ryan Burns <rtburns@protonmail.com>
diff --git a/lib/zip_source_buffer.c b/lib/zip_source_buffer.c
index e0ab72b..c0d6c28 100644
--- a/lib/zip_source_buffer.c
+++ b/lib/zip_source_buffer.c
@@ -361,13 +361,13 @@
clone->fragment_offsets[clone->nfragments] = offset;
clone->size = offset;
- clone->first_owned_fragment = ZIP_MIN(buffer->first_owned_fragment, clone->nfragments - 1);
+ clone->first_owned_fragment = ZIP_MIN(buffer->first_owned_fragment, clone->nfragments);
buffer->shared_buffer = clone;
clone->shared_buffer = buffer;
buffer->shared_fragments = clone->nfragments;
clone->shared_fragments = fragment + 1;
-
+
return clone;
}
