Make sure fsck_commit_buffer() does not run out of the buffer
So far, we assumed that the buffer is NUL terminated, but this is not a safe assumption, now that we opened the fsck_object() API to pass a buffer directly. So let's make sure that there is at least an empty line in the buffer. That way, our checks would fail if the empty line was encountered prematurely, and consequently we can get away with the current string comparisons even with non-NUL-terminated buffers are passed to fsck_object(). Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
90a398bbd7
commit
4d0d89755e
23
fsck.c
23
fsck.c
@ -237,6 +237,26 @@ static int fsck_tree(struct tree *item, int strict, fsck_error error_func)
|
|||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int require_end_of_header(const void *data, unsigned long size,
|
||||||
|
struct object *obj, fsck_error error_func)
|
||||||
|
{
|
||||||
|
const char *buffer = (const char *)data;
|
||||||
|
unsigned long i;
|
||||||
|
|
||||||
|
for (i = 0; i < size; i++) {
|
||||||
|
switch (buffer[i]) {
|
||||||
|
case '\0':
|
||||||
|
return error_func(obj, FSCK_ERROR,
|
||||||
|
"unterminated header: NUL at offset %d", i);
|
||||||
|
case '\n':
|
||||||
|
if (i + 1 < size && buffer[i + 1] == '\n')
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return error_func(obj, FSCK_ERROR, "unterminated header");
|
||||||
|
}
|
||||||
|
|
||||||
static int fsck_ident(const char **ident, struct object *obj, fsck_error error_func)
|
static int fsck_ident(const char **ident, struct object *obj, fsck_error error_func)
|
||||||
{
|
{
|
||||||
char *end;
|
char *end;
|
||||||
@ -284,6 +304,9 @@ static int fsck_commit_buffer(struct commit *commit, const char *buffer,
|
|||||||
unsigned parent_count, parent_line_count = 0;
|
unsigned parent_count, parent_line_count = 0;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
|
if (require_end_of_header(buffer, size, &commit->object, error_func))
|
||||||
|
return -1;
|
||||||
|
|
||||||
if (!skip_prefix(buffer, "tree ", &buffer))
|
if (!skip_prefix(buffer, "tree ", &buffer))
|
||||||
return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'tree' line");
|
return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'tree' line");
|
||||||
if (get_sha1_hex(buffer, tree_sha1) || buffer[40] != '\n')
|
if (get_sha1_hex(buffer, tree_sha1) || buffer[40] != '\n')
|
||||||
|
Loading…
Reference in New Issue
Block a user