From dc4179f9a76473176eb473f6f568b0006c823fba Mon Sep 17 00:00:00 2001 From: Deskin Miller Date: Mon, 22 Sep 2008 11:06:41 -0400 Subject: maint: check return of split_cmdline to avoid bad config strings As the testcase demonstrates, it's possible for split_cmdline to return -1 and deallocate any memory it's allocated, if the config string is missing an end quote. In both the cases below, which are the only calling sites, the return isn't checked, and using the pointer causes a pretty immediate segfault. Signed-off-by: Deskin Miller Acked-by: Miklos Vajna Signed-off-by: Shawn O. Pearce --- builtin-merge.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'builtin-merge.c') diff --git a/builtin-merge.c b/builtin-merge.c index b280444e10..dcaf3681dc 100644 --- a/builtin-merge.c +++ b/builtin-merge.c @@ -442,6 +442,8 @@ static int git_merge_config(const char *k, const char *v, void *cb) buf = xstrdup(v); argc = split_cmdline(buf, &argv); + if (argc < 0) + die("Bad branch.%s.mergeoptions string", branch); argv = xrealloc(argv, sizeof(*argv) * (argc + 2)); memmove(argv + 1, argv, sizeof(*argv) * (argc + 1)); argc++; -- cgit v1.2.3