[PATCH] Fix strcat() on uninitialized memory

[PATCH] Fix strcat() on uninitialized memory

[Johannes Schindelin]

Under certain circumstances, this bug would trigger a buffer overflow
error with libc, and fail test 5516.

Strbufs would have avoided the issue.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 builtin/receive-pack.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index 05071c3..1644424 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -569,9 +569,9 @@ static void check_aliased_update(struct command *cmd, struct string_list *list)
 	dst_cmd->skip_update = 1;
 
 	strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
-	strcat(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
+	strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
 	strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
-	strcat(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
+	strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
 	rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
 		 " its target '%s' (%s..%s)",
 		 cmd->ref_name, cmd_oldh, cmd_newh,
-- 
1.7.1.msysgit.0.2.g2fefc8

Re: [PATCH] Fix strcat() on uninitialized memory

[Jay Soffian]

Thanks, this was caught last week and patch posted by Thomas:

http://marc.info/?l=git&m=127619546001346&w=2

j.

On Mon, Jun 14, 2010 at 12:19 PM, Johannes Schindelin
<Johannes.Schindelin@gmx.de> wrote:
>
> Under certain circumstances, this bug would trigger a buffer overflow
> error with libc, and fail test 5516.
>
> Strbufs would have avoided the issue.
>
> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
> ---
>  builtin/receive-pack.c |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
> index 05071c3..1644424 100644
> --- a/builtin/receive-pack.c
> +++ b/builtin/receive-pack.c
> @@ -569,9 +569,9 @@ static void check_aliased_update(struct command *cmd, struct string_list *list)
>        dst_cmd->skip_update = 1;
>
>        strcpy(cmd_oldh, find_unique_abbrev(cmd->old_sha1, DEFAULT_ABBREV));
> -       strcat(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
> +       strcpy(cmd_newh, find_unique_abbrev(cmd->new_sha1, DEFAULT_ABBREV));
>        strcpy(dst_oldh, find_unique_abbrev(dst_cmd->old_sha1, DEFAULT_ABBREV));
> -       strcat(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
> +       strcpy(dst_newh, find_unique_abbrev(dst_cmd->new_sha1, DEFAULT_ABBREV));
>        rp_error("refusing inconsistent update between symref '%s' (%s..%s) and"
>                 " its target '%s' (%s..%s)",
>                 cmd->ref_name, cmd_oldh, cmd_newh,
> --
> 1.7.1.msysgit.0.2.g2fefc8
>
>

Re: [PATCH] Fix strcat() on uninitialized memory

[Johannes Schindelin]

Hi,

On Mon, 14 Jun 2010, Jay Soffian wrote:

> Thanks, this was caught last week and patch posted by Thomas:
> 
> http://marc.info/?l=git&m=127619546001346&w=2

Great. So it was caught. Why was it not even in 'next', so I wasted my 
time finding the bug?

Anyway, it is in 4msysgit.git's 'devel' branch. So its fixed now.

Frustrated,
Dscho

Re: [PATCH] Fix strcat() on uninitialized memory

[Jay Soffian]

On Mon, Jun 14, 2010 at 1:05 PM, Johannes Schindelin
<Johannes.Schindelin@gmx.de> wrote:
> Great. So it was caught. Why was it not even in 'next', so I wasted my
> time finding the bug?

Junio recently switched jobs and is perhaps a bit behind.

> Anyway, it is in 4msysgit.git's 'devel' branch. So its fixed now.
>
> Frustrated,

Sorry for the original bug. I'm still not sure how I made such a
boneheaded mistake. It looks like I might have stupidly copy/pasted
the matching lines from builtin/fetch.c of "git grep
find_unique_abbrev" output.

j.