summaryrefslogtreecommitdiff
path: root/t/t5000-tar-tree.sh
diff options
context:
space:
mode:
authorLibravatar Jim Meyering <jim@meyering.net>2011-05-20 19:20:12 +0200
committerLibravatar Junio C Hamano <gitster@pobox.com>2011-05-20 11:39:49 -0700
commit42536dd9b9829b4eb4e3706e141b3c8bffa3e826 (patch)
treedb640fa331f2b513c593eda286400c2086c9ec5a /t/t5000-tar-tree.sh
parentt4034 (diff --word-diff): add a minimum Perl drier test vector (diff)
downloadtgif-42536dd9b9829b4eb4e3706e141b3c8bffa3e826.tar.xz
do not read beyond end of malloc'd buffer
With diff.suppress-blank-empty=true, "git diff --word-diff" would output data that had been read from uninitialized heap memory. The problem was that fn_out_consume did not account for the possibility of a line with length 1, i.e., the empty context line that diff.suppress-blank-empty=true converts from " \n" to "\n". Since it assumed there would always be a prefix character (the space), it decremented "len" unconditionally, thus passing len=0 to emit_line, which would then blindly call emit_line_0 with len=-1 which would pass that value on to fwrite as SIZE_MAX. Boom. Signed-off-by: Jim Meyering <meyering@redhat.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t5000-tar-tree.sh')
0 files changed, 0 insertions, 0 deletions