development/git
development/git
1
0
Fork 0
mirror of https://github.com/git/git synced 2024-10-01 06:05:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

cache-tree: replace a sscanf() by two strtol() calls

Browse source 
On one of my systems, sscanf() first calls strlen() on the buffer. But
this buffer is not terminated by NUL. So git crashed.

strtol() does not share that problem, as it stops reading after the
first non-digit.

[jc: original patch was wrong and did not read the cache-tree
 structure correctly; this has been fixed up and tested minimally
 with fsck-objects. ]

Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Junio C Hamano <junkio@cox.net>
This commit is contained in:
Johannes Schindelin 2006-05-02 03:31:02 +02:00 committed by Junio C Hamano
parent 7bc70a590d
commit 0111ea38cb
1 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
cache-tree.c
View file

@ -440,6 +440,8 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
{
const char *buf = *buffer;
unsigned long size = *size_p;
const char *cp;
char *ep;
struct cache_tree *it;
int i, subtree_nr;
@ -453,7 +455,14 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
goto free_return;
buf++; size--;
it = cache_tree();
if (sscanf(buf, "%d %d\n", &it->entry_count, &subtree_nr) != 2)
cp = buf;
it->entry_count = strtol(cp, &ep, 10);
if (cp == ep)
goto free_return;
cp = ep;
subtree_nr = strtol(cp, &ep, 10);
if (cp == ep)
goto free_return;
while (size && *buf && *buf != '\n') {
size--;