From 3219e0314e3d1d39a57db330faa5693ce0264244 Mon Sep 17 00:00:00 2001
From: nicm
Date: Mon, 24 Aug 2015 22:49:13 +0000
Subject: [PATCH] In grid_duplicate_lines, if the line is empty (cellsize == 0) then clear the destination celldata pointer rather than leaving a stale copy of the source pointer (which may later be freed). Fixes a crash found by Kuang-che Wu.
---
 grid.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grid.c b/grid.c
index 7e086143..c339cdc5 100644
--- a/grid.c
+++ b/grid.c
@@ -652,7 +652,8 @@ grid_duplicate_lines(struct grid *dst, u_int dy, struct grid *src, u_int sy,
 srcl->cellsize, sizeof *dstl->celldata);
 memcpy(dstl->celldata, srcl->celldata,
 srcl->cellsize * sizeof *dstl->celldata);
- }
+ } else
+ dstl->celldata = NULL;
 sy++;
 dy++;
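Review bot: The new `else` branch has no comment recording the ownership rule it enforces, so the reason for the assignment lives only in the commit message. Per that message, `dstl->celldata` otherwise keeps a copy of the source line's pointer, so the two grids would alias one allocation and a later free of the source leaves the destination dangling (use-after-free, or a double free when the destination is released). I would add above the assignment `/* Empty line: drop the pointer copied from srcl so dst never aliases src's buffer. */`. Bracing the branch as `} else {` would also keep a later second statement from falling outside it. The loop body and the code that first fills `dstl` start outside this hunk, so whether any other owned pointer in the line structure needs the same reset cannot be checked from here.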