summaryrefslogtreecommitdiff
path: root/git-gui/lib/remote.tcl
diff options
context:
space:
mode:
authorLibravatar Jeff King <peff@peff.net>2014-06-19 17:30:26 -0400
committerLibravatar Junio C Hamano <gitster@pobox.com>2014-06-19 15:20:56 -0700
commit45bc131dd3e1eb6edd903957cf9d42f37ad02181 (patch)
tree85c02d938724708082007c69351a1f938bdc6766 /git-gui/lib/remote.tcl
parentwalker_fetch: fix minor memory leak (diff)
downloadtgif-45bc131dd3e1eb6edd903957cf9d42f37ad02181.tar.xz
unique_path: fix unlikely heap overflow
When merge-recursive creates a unique filename, it uses a template like: path~branch_%d where the final "_%d" is filled by an incrementing counter until we find a unique name. We allocate 8 characters for the counter, but there is no logic to limit the size of the integer. Of course, this is extremely unlikely, as you would need a hundred million collisions to trigger the problem. Even if an attacker constructed a specialized repo, it is unlikely that the victim would have the patience to run the merge. However, we can make it trivially correct (and hopefully more readable) by using a strbuf. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'git-gui/lib/remote.tcl')
0 files changed, 0 insertions, 0 deletions