diff options
| author |  Jim Meyering <jim@meyering.net> | 2012-04-16 17:20:02 +0200 |
|---|---|---|
| committer |  Junio C Hamano <gitster@pobox.com> | 2012-04-16 10:10:25 -0700 |
| commit | 48e510b6a29b1066016cbbee75c0b196174a88d4 (patch) | |
| tree | fe568b4ff1151c6f067383bf4594df728d45ea6c | |
| parent | Merge branch 'maint-1.7.8' into maint-1.7.9 (diff) | |
| download | tgif-48e510b6a29b1066016cbbee75c0b196174a88d4.tar.xz | |
diff: avoid stack-buffer-read-overrun for very long name
Due to the use of strncpy without explicit NUL termination,
we could end up passing names n1 or n2 that are not NUL-terminated
to queue_diff, which requires NUL-terminated strings.
Ensure that each is NUL terminated.
Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | diff-no-index.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/diff-no-index.c b/diff-no-index.c index 3a36144687..5cd3ff5848 100644 --- a/diff-no-index.c +++ b/diff-no-index.c @@ -109,6 +109,7 @@ static int queue_diff(struct diff_options *o, n1 = buffer1; strncpy(buffer1 + len1, p1.items[i1++].string, PATH_MAX - len1); + buffer1[PATH_MAX-1] = 0; } if (comp < 0) @@ -117,6 +118,7 @@ static int queue_diff(struct diff_options *o, n2 = buffer2; strncpy(buffer2 + len2, p2.items[i2++].string, PATH_MAX - len2); + buffer2[PATH_MAX-1] = 0; } ret = queue_diff(o, n1, n2); |