diff: avoid stack-buffer-read-overrun for very long name

Due to the use of strncpy without explicit NUL termination,
we could end up passing names n1 or n2 that are not NUL-terminated
to queue_diff, which requires NUL-terminated strings.
Ensure that each is NUL terminated.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jim Meyering 2012-04-16 17:20:02 +02:00 committed by Junio C Hamano
parent 6eab5f2f14
commit 48e510b6a2

View File

@ -109,6 +109,7 @@ static int queue_diff(struct diff_options *o,
n1 = buffer1;
strncpy(buffer1 + len1, p1.items[i1++].string,
PATH_MAX - len1);
buffer1[PATH_MAX-1] = 0;
}
if (comp < 0)
@ -117,6 +118,7 @@ static int queue_diff(struct diff_options *o,
n2 = buffer2;
strncpy(buffer2 + len2, p2.items[i2++].string,
PATH_MAX - len2);
buffer2[PATH_MAX-1] = 0;
}
ret = queue_diff(o, n1, n2);