author | Martin Koegler <mkoegler@auto.tuwien.ac.at> | 2008-01-06 20:03:10 +0100 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2008-01-06 18:41:44 -0800 |
commit | a0393ef67679ea7720290bd45d9d628920df59f3 (patch) | |
tree | fc6b9ce6502087710dadcaa4b2d1f65262c77a3c | |
parent | Documentation: rename gitlink macro to linkgit (diff) | |
parse_tag_buffer: don't parse invalid tags
The current tag parsing code can access memory outside the tag buffer
if \n characters are missing. This patch prevents this behaviour.
Signed-off-by: Martin Koegler <mkoegler@auto.tuwien.ac.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | tag.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -39,6 +39,7 @@ int parse_tag_buffer(struct tag *item, void *data, unsigned long size)
 unsigned char sha1[20];
 const char *type_line, *tag_line, *sig_line;
 char type[20];
+ const char *start = data;
 if (item->object.parsed)
 return 0;
@@ -53,11 +54,11 @@ int parse_tag_buffer(struct tag *item, void *data, unsigned long size)
 if (memcmp("\ntype ", type_line-1, 6))
 return -1;
- tag_line = strchr(type_line, '\n');
+ tag_line = memchr(type_line, '\n', size - (type_line - start));
 if (!tag_line || memcmp("tag ", ++tag_line, 4))
 return -1;
- sig_line = strchr(tag_line, '\n');
+ sig_line = memchr(tag_line, '\n', size - (tag_line - start));
 if (!sig_line)
 return -1;
 sig_line++; |
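Review bot: The `memcmp("tag ", ++tag_line, 4)` that follows the first bounded search in the second hunk still reads four bytes after the newline without checking that four bytes remain, so a buffer whose type-line newline is followed by fewer than four bytes is still read past `size`. The remaining length should be tested before the compare, for example `if (!tag_line || size - (++tag_line - start) < 4 || memcmp("tag ", tag_line, 4))`. The same concern applies after `sig_line++`, which can leave `sig_line` equal to `start + size`; the code that reads from it lies outside this hunk and should be bounded the same way. Both `size - (... - start)` lengths also depend on `type_line` pointing inside the buffer, which is established before the hunk and cannot be confirmed from the lines shown.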