summaryrefslogtreecommitdiff
path: root/Documentation/howto
diff options
context:
space:
mode:
authorLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2017-04-13 21:21:58 +0200
committerLibravatar Junio C Hamano <gitster@pobox.com>2017-04-13 17:53:08 -0700
commit882add136fa8319832ef373b8797ef58edb80efc (patch)
treee36f9c09c1461ff5c06e047946f4eac680184413 /Documentation/howto
parentdifftool: avoid strcpy (diff)
downloadtgif-882add136fa8319832ef373b8797ef58edb80efc.tar.xz
difftool: fix use-after-free
The left and right base directories were pointed to the buf field of two strbufs, which were subject to change. A contrived test case shows the problem where a file with a long enough name to force the strbuf to grow is up-to-date (hence the code path is used where the work tree's version of the file is reused), and then a file that is not up-to-date needs to be written (hence the code path is used where checkout_entry() uses the previously recorded base_dir that is invalid by now). Let's just copy the base_dir strings for use with checkout_entry(), never touch them until the end, and release them then. This is an easily verifiable fix (as opposed to the next-obvious alternative: to re-set base_dir after every loop iteration). This fixes https://github.com/git-for-windows/git/issues/1124 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation/howto')
0 files changed, 0 insertions, 0 deletions