Skip to content

Commit

Permalink
mingw: fix possible buffer overrun when calling GetUserNameW()
Browse files Browse the repository at this point in the history 
In 39a98e9 (mingw: get pw_name in UTF-8 format, 2019-06-27), this
developer missed the fact that the `GetUserNameW()` function takes the
number of characters as `len` parameter, not the number of bytes.

Reported-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
  • Loading branch information
@dscho @gitster
dscho authored and gitster committed Jul 8, 2019
1 parent 9423885 commit 697bdd2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion compat/mingw.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1952,7 +1952,7 @@ struct passwd *getpwuid(int uid)
if (initialized)
return p;

len = sizeof(buf);
len = ARRAY_SIZE(buf);
if (!GetUserNameW(buf, &len)) {
initialized = 1;
return NULL;
Expand Down

0 comments on commit 697bdd2

Please sign in to comment.