diff options
author | Nguyễn Thái Ngọc Duy <pclouds@gmail.com> | 2014-08-10 14:05:21 +0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2014-08-11 11:52:22 -0700 |
commit | 430875969a5229c1d306e4cc5acc8c8afe2b50a3 (patch) | |
tree | 294c02ed6043b05aadb2d643020de2bbfc0b32b6 /Documentation/RelNotes/1.8.4.2.txt | |
parent | Git 2.0.4 (diff) | |
download | tgif-430875969a5229c1d306e4cc5acc8c8afe2b50a3.tar.xz |
utf8.c: fix strbuf_utf8_replace() consuming data beyond input string
The main loop in strbuf_utf8_replace() could summed up as:
while ('src' is still valid) {
1) advance 'src' to copy ANSI escape sequences
2) advance 'src' to copy/replace visible characters
}
The problem is after #1, 'src' may have reached the end of the string
(so 'src' points to NUL) and #2 will continue to copy that NUL as if
it's a normal character. Because the output is stored in a strbuf,
this NUL accounted in the 'len' field as well. Check after #1 and
break the loop if necessary.
The test does not look obvious, but the combination of %>>() should
make a call trace like this
show_log()
pretty_print_commit()
format_commit_message()
strbuf_expand()
format_commit_item()
format_and_pad_commit()
strbuf_utf8_replace()
where %C(auto)%d would insert a color reset escape sequence in the end
of the string given to strbuf_utf8_replace() and show_log() uses
fwrite() to send everything to stdout (including the incorrect NUL
inserted by strbuf_utf8_replace)
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation/RelNotes/1.8.4.2.txt')
0 files changed, 0 insertions, 0 deletions