mirror of
https://github.com/git/git
synced 2024-10-01 06:05:20 +00:00
cache-tree: replace a sscanf() by two strtol() calls
On one of my systems, sscanf() first calls strlen() on the buffer. But this buffer is not terminated by NUL. So git crashed. strtol() does not share that problem, as it stops reading after the first non-digit. [jc: original patch was wrong and did not read the cache-tree structure correctly; this has been fixed up and tested minimally with fsck-objects. ] Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> Signed-off-by: Junio C Hamano <junkio@cox.net>
This commit is contained in:
parent
7bc70a590d
commit
0111ea38cb
11
cache-tree.c
11
cache-tree.c
|
@ -440,6 +440,8 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
|
|||
{
|
||||
const char *buf = *buffer;
|
||||
unsigned long size = *size_p;
|
||||
const char *cp;
|
||||
char *ep;
|
||||
struct cache_tree *it;
|
||||
int i, subtree_nr;
|
||||
|
||||
|
@ -453,7 +455,14 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
|
|||
goto free_return;
|
||||
buf++; size--;
|
||||
it = cache_tree();
|
||||
if (sscanf(buf, "%d %d\n", &it->entry_count, &subtree_nr) != 2)
|
||||
|
||||
cp = buf;
|
||||
it->entry_count = strtol(cp, &ep, 10);
|
||||
if (cp == ep)
|
||||
goto free_return;
|
||||
cp = ep;
|
||||
subtree_nr = strtol(cp, &ep, 10);
|
||||
if (cp == ep)
|
||||
goto free_return;
|
||||
while (size && *buf && *buf != '\n') {
|
||||
size--;
|
||||
|
|
Loading…
Reference in a new issue