Merge branch 'jc/url-match'

While normalizing a URL, we forgot that the buffer that holds it
could be relocated when it grows, which was a brown-paper-bag bug
that can lead to a crash introduced on 'master' post 1.8.4 release.

* jc/url-match:
  urlmatch.c: recompute pointer after append_normalized_escapes
This commit is contained in:
Junio C Hamano 2013-09-18 11:48:30 -07:00
commit 34e8d9982a

View File

@ -281,9 +281,11 @@ char *url_normalize(const char *url, struct url_info *out_info)
url_len--; url_len--;
} }
for (;;) { for (;;) {
const char *seg_start = norm.buf + norm.len; const char *seg_start;
size_t seg_start_off = norm.len;
const char *next_slash = url + strcspn(url, "/?#"); const char *next_slash = url + strcspn(url, "/?#");
int skip_add_slash = 0; int skip_add_slash = 0;
/* /*
* RFC 3689 indicates that any . or .. segments should be * RFC 3689 indicates that any . or .. segments should be
* unescaped before being checked for. * unescaped before being checked for.
@ -297,6 +299,8 @@ char *url_normalize(const char *url, struct url_info *out_info)
strbuf_release(&norm); strbuf_release(&norm);
return NULL; return NULL;
} }
seg_start = norm.buf + seg_start_off;
if (!strcmp(seg_start, ".")) { if (!strcmp(seg_start, ".")) {
/* ignore a . segment; be careful not to remove initial '/' */ /* ignore a . segment; be careful not to remove initial '/' */
if (seg_start == path_start + 1) { if (seg_start == path_start + 1) {