undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

run_external_diff: use an argv_array for the command line

Browse Source 
We currently generate the command-line for the external
command using a fixed-length array of size 10. But if there
is a rename, we actually need 11 elements (10 items, plus a
NULL), and end up writing a random NULL onto the stack.

Rather than bump the limit, let's just use an argv_array, which
makes this sort of error impossible.

Noticed-by: Max L <infthi.inbox@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jeff King 2014-04-19 15:17:06 -04:00 committed by Junio C Hamano
parent 0bc85abb7a
commit 82fbf269b9
1 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
diff.c
View File

@ -16,6 +16,7 @@
#include "submodule.h"
#include "ll-merge.h"
#include "string-list.h"
#include "argv-array.h"
#ifdef NO_FAST_WORKING_DIRECTORY
#define FAST_WORKING_DIRECTORY 0
@ -2906,9 +2907,8 @@ static void run_external_diff(const char *pgm,
int complete_rewrite,
struct diff_options *o)
{
const char *spawn_arg[10];
struct argv_array argv = ARGV_ARRAY_INIT;
int retval;
const char **arg = &spawn_arg[0];
struct diff_queue_struct *q = &diff_queued_diff;
const char *env[3] = { NULL };
char env_counter[50];
@ -2919,23 +2919,22 @@ static void run_external_diff(const char *pgm,
const char *othername = (other ? other : name);
temp_one = prepare_temp_file(name, one);
temp_two = prepare_temp_file(othername, two);
*arg++ = pgm;
*arg++ = name;
*arg++ = temp_one->name;
*arg++ = temp_one->hex;
*arg++ = temp_one->mode;
*arg++ = temp_two->name;
*arg++ = temp_two->hex;
*arg++ = temp_two->mode;
argv_array_push(&argv, pgm);
argv_array_push(&argv, name);
argv_array_push(&argv, temp_one->name);
argv_array_push(&argv, temp_one->hex);
argv_array_push(&argv, temp_one->mode);
argv_array_push(&argv, temp_two->name);
argv_array_push(&argv, temp_two->hex);
argv_array_push(&argv, temp_two->mode);
if (other) {
*arg++ = other;
*arg++ = xfrm_msg;
argv_array_push(&argv, other);
argv_array_push(&argv, xfrm_msg);
}
} else {
*arg++ = pgm;
*arg++ = name;
argv_array_push(&argv, pgm);
argv_array_push(&argv, name);
}
*arg = NULL;
fflush(NULL);
env[0] = env_counter;
@ -2944,8 +2943,9 @@ static void run_external_diff(const char *pgm,
env[1] = env_total;
snprintf(env_total, sizeof(env_total), "GIT_DIFF_PATH_TOTAL=%d", q->nr);
retval = run_command_v_opt_cd_env(spawn_arg, RUN_USING_SHELL, NULL, env);
retval = run_command_v_opt_cd_env(argv.argv, RUN_USING_SHELL, NULL, env);
remove_tempfile();
argv_array_clear(&argv);
if (retval) {
fprintf(stderr, "external diff died, stopping at %s.\n", name);
exit(1);