diff: avoid stack-buffer-read-overrun for very long name
Due to the use of strncpy without explicit NUL termination, we could end up passing names n1 or n2 that are not NUL-terminated to queue_diff, which requires NUL-terminated strings. Ensure that each is NUL terminated. Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
6eab5f2f14
commit
48e510b6a2
@ -109,6 +109,7 @@ static int queue_diff(struct diff_options *o,
|
||||
n1 = buffer1;
|
||||
strncpy(buffer1 + len1, p1.items[i1++].string,
|
||||
PATH_MAX - len1);
|
||||
buffer1[PATH_MAX-1] = 0;
|
||||
}
|
||||
|
||||
if (comp < 0)
|
||||
@ -117,6 +118,7 @@ static int queue_diff(struct diff_options *o,
|
||||
n2 = buffer2;
|
||||
strncpy(buffer2 + len2, p2.items[i2++].string,
|
||||
PATH_MAX - len2);
|
||||
buffer2[PATH_MAX-1] = 0;
|
||||
}
|
||||
|
||||
ret = queue_diff(o, n1, n2);
|
||||
|
Loading…
Reference in New Issue
Block a user