summaryrefslogtreecommitdiff
path: root/t/t0200
diff options
context:
space:
mode:
authorLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2016-09-21 20:23:22 +0200
committerLibravatar Junio C Hamano <gitster@pobox.com>2016-09-21 13:56:15 -0700
commitdb5dfa331480650c1f889db3cb32a0272dc72ec6 (patch)
treebad1521b8797ecd860f51c5401a42e9abacea089 /t/t0200
parentGit 2.8.4 (diff)
downloadtgif-db5dfa331480650c1f889db3cb32a0272dc72ec6.tar.xz
regex: -G<pattern> feeds a non NUL-terminated string to regexec() and fails
When our pickaxe code feeds file contents to regexec(), it implicitly assumes that the file contents are read into implicitly NUL-terminated buffers (i.e. that we overallocate by 1, appending a single '\0'). This is not so. In particular when the file contents are simply mmap()ed, we can be virtually certain that the buffer is preceding uninitialized bytes, or invalid pages. Note that the test we add here is known to be flakey: we simply cannot know whether the byte following the mmap()ed ones is a NUL or not. Typically, on Linux the test passes. On Windows, it fails virtually every time due to an access violation (that's a segmentation fault for you Unix-y people out there). And Windows would be correct: the regexec() call wants to operate on a regular, NUL-terminated string, there is no NUL in the mmap()ed memory range, and it is undefined whether the next byte is even legal to access. When run with --valgrind it demonstrates quite clearly the breakage, of course. Being marked with `test_expect_failure`, this test will sometimes be declare "TODO fixed", even if it only passes by mistake. This test case represents a Minimal, Complete and Verifiable Example of a breakage reported by Chris Sidi. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t0200')
0 files changed, 0 insertions, 0 deletions