Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
revparse: fix parsing bug for trailing
@
When parsing a revspec that ends with a trailing `@`, explicitly stop parsing. Introduce a sentinel variable to explicitly stop parsing. Prior to this, we would set `spec` to `HEAD`, but were looping on the value of `spec[pos]`, so we would continue walking the (new) `spec` at offset `pos`, looking for a NUL. This is obviously an out-of-bounds read. Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
- Loading branch information