diff: avoid stack-buffer-read-overrun for very long name
Due to the use of strncpy without explicit NUL termination,
we could end up passing names n1 or n2 that are not NUL-terminated
to queue_diff, which requires NUL-terminated strings.
Ensure that each is NUL terminated.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
meyering authored and gitster committed Apr 16, 2012
1 parent 6eab5f2 commit 48e510b
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions diff-no-index.c
Expand Up @@ -109,6 +109,7 @@ static int queue_diff(struct diff_options *o,
n1 = buffer1;
strncpy(buffer1 + len1, p1.items[i1++].string,
PATH_MAX - len1);
buffer1[PATH_MAX-1] = 0;
}

if (comp < 0)
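Review bot: At `buffer1[PATH_MAX-1] = 0;`, the added terminator stops the read overrun but leaves a name that does not fit in the buffer silently truncated, so `n1` can name a path that is only a prefix of the real one. Consider checking the length before the `strncpy` (fail when `len1` plus the length of `p1.items[i1].string` reaches `PATH_MAX`) and returning an error instead of continuing with the shortened name. A short comment explaining why the explicit termination is needed after `strncpy` would also help the next reader.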
Expand All @@ -117,6 +118,7 @@ static int queue_diff(struct diff_options *o,
n2 = buffer2;
strncpy(buffer2 + len2, p2.items[i2++].string,
PATH_MAX - len2);
buffer2[PATH_MAX-1] = 0;
}

ret = queue_diff(o, n1, n2);
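Review bot: The `buffer2[PATH_MAX-1] = 0;` line duplicates the `buffer1` fix and hard-codes an index that is only correct if `buffer2` is exactly `PATH_MAX` bytes, which this hunk does not show. If `buffer2` is an array, `buffer2[sizeof(buffer2) - 1] = 0;` ties the index to the declaration, and a small helper doing the bounded copy plus termination for both branches would keep the two from drifting apart. Since `queue_diff(o, n1, n2)` is called right after, a truncated `n2` is passed on without any error being reported here.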