When parsing "index" lines from a git-diff, we look for a
space followed by the mode. If we don't have a space, then
we set our pointer to the end-of-line. However, we don't
double-check that our end-of-line pointer is valid (e.g., if
we got a truncated diff input), which could lead to some
wrap-around pointer arithmetic.

In most cases this would probably get caught by our "40 <
len" check later in the function, but to be on the safe
side, let's just use strchrnul to treat end-of-string the
same as end-of-line.

Signed-off-by: Jeff King <p...@peff.net>
---
 builtin/apply.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builtin/apply.c b/builtin/apply.c
index 9f8f5ba..be2b4ce 100644
--- a/builtin/apply.c
+++ b/builtin/apply.c
@@ -1075,7 +1075,7 @@ static int gitdiff_index(const char *line, struct patch 
*patch)
 
        line = ptr + 2;
        ptr = strchr(line, ' ');
-       eol = strchr(line, '\n');
+       eol = strchrnul(line, '\n');
 
        if (!ptr || eol < ptr)
                ptr = eol;
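
Review bot: The change at `eol = strchrnul(line, '\n');` ships without a regression test; the diffstat touches only builtin/apply.c. Consider adding a test that feeds an "index" line truncated before its newline, once with a space before the mode and once without, so the `if (!ptr || eol < ptr)` fallback is exercised with eol pointing at the terminating NUL. A short comment above the assignment would also help, noting that eol may now point at end-of-string rather than at a newline, because the later uses of eol in this function are outside the hunk and a reader could assume `*eol == '\n'`.
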
-- 
2.0.0.566.gfe3e6b2