diff options
author | Junio C Hamano <gitster@pobox.com> | 2014-09-11 10:33:34 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2014-09-11 10:33:34 -0700 |
commit | b6a1261751c7f9d9a04a57585c305f3b0e0f378e (patch) | |
tree | 268da0728b5b7265ed0d355b5fb321208ba09adf | |
parent | Merge branch 'jk/prune-top-level-refs-after-packing' (diff) | |
parent | fast-import: fix buffer overflow in dump_tags (diff) | |
download | tgif-b6a1261751c7f9d9a04a57585c305f3b0e0f378e.tar.xz |
Merge branch 'jk/fast-import-fixes'
With sufficiently long refnames, fast-import could have overflown
an on-stack buffer.
* jk/fast-import-fixes:
fast-import: fix buffer overflow in dump_tags
fast-import: clean up pack_data pointer in end_packfile
-rw-r--r-- | fast-import.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/fast-import.c b/fast-import.c index 2b31053e0d..c071253c90 100644 --- a/fast-import.c +++ b/fast-import.c @@ -946,10 +946,12 @@ static void unkeep_all_packs(void) static void end_packfile(void) { - struct packed_git *old_p = pack_data, *new_p; + if (!pack_data) + return; clear_delta_base_cache(); if (object_count) { + struct packed_git *new_p; unsigned char cur_pack_sha1[20]; char *idx_name; int i; @@ -991,10 +993,11 @@ static void end_packfile(void) pack_id++; } else { - close(old_p->pack_fd); - unlink_or_warn(old_p->pack_name); + close(pack_data->pack_fd); + unlink_or_warn(pack_data->pack_name); } - free(old_p); + free(pack_data); + pack_data = NULL; /* We can't carry a delta across packfiles. */ strbuf_release(&last_blob.data); |