authorLibravatar Junio C Hamano <gitster@pobox.com>2013-09-18 11:48:30 -0700
committerLibravatar Junio C Hamano <gitster@pobox.com>2013-09-18 11:48:54 -0700
commit34e8d9982a6b564aa5a563c992e5c40340d66e3e (patch)
treee2a8e9d973cec40448739e77a8e139340385aaf4
parentMerge branch 'jc/cvsserver-perm-bit-fix' (diff)
parenturlmatch.c: recompute pointer after append_normalized_escapes (diff)
Merge branch 'jc/url-match'
While normalizing a URL, we forgot that the buffer that holds it could be relocated when it grows. This was a brown-paper-bag bug, introduced on 'master' after the 1.8.4 release, that can lead to a crash.

* jc/url-match:
  urlmatch.c: recompute pointer after append_normalized_escapes
-rw-r--r--urlmatch.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/urlmatch.c b/urlmatch.c
index 1db76c89bc..ec87cba750 100644
--- a/urlmatch.c
+++ b/urlmatch.c
@@ -281,9 +281,11 @@ char *url_normalize(const char *url, struct url_info *out_info)
url_len--;
}
for (;;) {
- const char *seg_start = norm.buf + norm.len;
+ const char *seg_start;
+ size_t seg_start_off = norm.len;
const char *next_slash = url + strcspn(url, "/?#");
int skip_add_slash = 0;
+
/*
* RFC 3689 indicates that any . or .. segments should be
* unescaped before being checked for.
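Review bot: The declaration `size_t seg_start_off = norm.len;` needs a comment saying why an offset is kept instead of a pointer, because nothing on the new lines explains the late assignment of `seg_start`. Something like `/* norm.buf may move when norm grows; keep an offset and derive seg_start after the append */` would keep a later cleanup from folding the two lines back into the old initializer and bringing the dangling pointer back. The context comment just below cites RFC 3689, which looks like a transposition of RFC 3986 (URI generic syntax) and is worth correcting in the same pass. The loop body continues outside this hunk.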
@@ -297,6 +299,8 @@ char *url_normalize(const char *url, struct url_info *out_info)
strbuf_release(&norm);
return NULL;
}
+
+ seg_start = norm.buf + seg_start_off;
if (!strcmp(seg_start, ".")) {
/* ignore a . segment; be careful not to remove initial '/' */
if (seg_start == path_start + 1) {
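Review bot: `path_start` in `if (seg_start == path_start + 1)` is still used as a raw pointer, and if it was derived from `norm.buf` before the loop it can go stale for the same reason `seg_start` did. Its definition is outside this hunk, so this needs checking against the full function. If it does point into `norm.buf`, the comparison is safer on offsets, e.g. `if (seg_start_off == path_off + 1)` with a `path_off` saved where `path_start` is set today. A comparison against a pointer into a relocated buffer is undefined and could silently take the wrong branch, stripping the wrong number of bytes from the normalized URL. Any later use of `path_start` in the loop, outside this hunk, needs the same check.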