* diff_tree_stdin
@ 2005-10-12 1:46 Morten Welinder
2005-10-13 7:11 ` diff_tree_stdin Junio C Hamano
0 siblings, 1 reply; 3+ messages in thread
From: Morten Welinder @ 2005-10-12 1:46 UTC (permalink / raw)
To: GIT Mailing List

It looks like diff_tree_stdin can overrun the this_header buffer. Since the
line length is already calculated, a check would be cheap.
Morten
* Re: diff_tree_stdin
From: Junio C Hamano @ 2005-10-13 7:11 UTC (permalink / raw)
To: Morten Welinder; +Cc: git

Morten Welinder <mwelinder@gmail.com> writes:

> It looks like diff_tree_stdin can overrun the this_header buffer. Since the
> line length is already calculated, a check would be cheap.

I presume you are talking about "line", not this_header[], since
you are talking about something whose length is already
calculated.

The output buffer this_header[] only ever gets two 40-byte SHA1
and a handful more, so probably 128 bytes would be big enough --
the current 1000 is overkill.

The input line[] is first NUL terminated before getting scanned,
and scanning with get_sha1_hex() stops immediately when we see
NUL, and premature NUL makes it fail, so the first
get_sha1_hex() would not overrun. If the first SHA1 is followed
by garbage then the second get_sha1_hex() would not succeed
without overrunning either. If line[40] is NUL then we do not
even do the second get_sha1_hex() --- in any case I do not see
overrun.

I am getting tired (it _was_ my GIT day, but unfortunately I had
to be worried about another day-job project during the day X-<),
and I might probably be overlooking something fairly obvious to
you. Care to explain?
* Re: diff_tree_stdin
From: Morten Welinder @ 2005-10-13 15:01 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git

> I presume you are talking about "line", not this_header[], since
> you are talking about something whose length is already
> calculated.

I was talking about this_header. It gets slightly more than the length
of "line" which is whatever came in from stdin, subject to a 1000 char
limit.
Morten
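
Added example, not part of the thread and not git's source: a sketch of the cheap length check discussed above, for an output buffer that receives a prefix plus the whole input line when both buffers are 1000 bytes. The helper names `build_header` and `try_line`, the `PREFIX` string and the generated input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1000   /* the thread gives 1000 for both buffers */
#define PREFIX   "hdr " /* constructed prefix, not git's header text */

/* Hypothetical helper: format PREFIX + line + '\n' into out[].
 * Returns the header length, or -1 if it would not fit. */
static int build_header(char *out, size_t outsz, const char *line, size_t len)
{
    size_t need = strlen(PREFIX) + len + 2;  /* + '\n' + NUL */
    int n;

    if (need > outsz)   /* the cheap check: len is already known */
        return -1;
    n = snprintf(out, outsz, "%s%.*s\n", PREFIX, (int)len, line);
    if (n < 0 || (size_t)n >= outsz)  /* second guard: reject truncation */
        return -1;
    return n;
}

/* Constructed input: a line of len 'a' characters, as if read from stdin
 * into a 1000-byte buffer and NUL terminated. */
static int try_line(size_t len)
{
    char line[BUF_SIZE];
    char this_header[BUF_SIZE];

    if (len >= sizeof(line))
        len = sizeof(line) - 1;
    memset(line, 'a', len);
    line[len] = '\0';
    return build_header(this_header, sizeof(this_header), line, len);
}

int main(void)
{
    printf("40-char line:  %d\n", try_line(40));
    printf("994-char line: %d\n", try_line(994));
    printf("999-char line: %d\n", try_line(999));
    return 0;
}
```

With equal buffer sizes, any input line within a few bytes of the limit no longer fits once the prefix is added, which is the case the check rejects.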