diff options
| author | Nguyễn Thái Ngọc Duy <pclouds@gmail.com> | 2011-02-14 20:02:51 +0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2011-02-16 10:05:14 -0800 |
| commit | 855942528e892cff3cadb4eb1c4cf1d2a7cd83de (patch) | |
| tree | f93a9d2da50b7d655fbb9b2675c4df8e8f249121 | |
| parent | 24231e063f0f003f8ffd7b64c7ba6a0baaaa5283 (diff) | |
| download | git-855942528e892cff3cadb4eb1c4cf1d2a7cd83de.tar.gz | |
parse_tag_buffer(): do not prefixcmp() out of range
There is a check (size < 64) at the beginning of the function, but
that only covers object+type lines.
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | tag.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -97,7 +97,9 @@ int parse_tag_buffer(struct tag *item, const void *data, unsigned long size) item->tagged = NULL; } - if (prefixcmp(bufptr, "tag ")) + if (bufptr + 4 < tail && !prefixcmp(bufptr, "tag ")) + ; /* good */ + else return -1; bufptr += 4; nl = memchr(bufptr, '\n', tail - bufptr); @@ -106,7 +108,7 @@ int parse_tag_buffer(struct tag *item, const void *data, unsigned long size) item->tag = xmemdupz(bufptr, nl - bufptr); bufptr = nl + 1; - if (!prefixcmp(bufptr, "tagger ")) + if (bufptr + 7 < tail && !prefixcmp(bufptr, "tagger ")) item->date = parse_tag_date(bufptr, tail); else item->date = 0; |