diff options
author | Markus Heidelberg <markus.heidelberg@web.de> | 2010-02-28 16:49:15 +0100 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2010-02-28 10:32:06 -0800 |
commit | 77e8466fb98b95ea07d386d64073d0bc6304b37f (patch) | |
tree | 12a70eb49e37550f5f059fa95e58a8351a6672b7 | |
parent | 64da6e20de1f2246e2d8d9d85e53ca3cbf393212 (diff) | |
download | git-77e8466fb98b95ea07d386d64073d0bc6304b37f.tar.gz |
sha1_name: fix segfault caused by invalid index access
The code to see if user input "git show :path" makes sense tried to access
the index without properly checking the array bound.
Signed-off-by: Markus Heidelberg <markus.heidelberg@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | sha1_name.c | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/sha1_name.c b/sha1_name.c index 43884c69b3..bf92417838 100644 --- a/sha1_name.c +++ b/sha1_name.c @@ -992,13 +992,15 @@ static void diagnose_invalid_index_path(int stage, pos = cache_name_pos(filename, namelen); if (pos < 0) pos = -pos - 1; - ce = active_cache[pos]; - if (ce_namelen(ce) == namelen && - !memcmp(ce->name, filename, namelen)) - die("Path '%s' is in the index, but not at stage %d.\n" - "Did you mean ':%d:%s'?", - filename, stage, - ce_stage(ce), filename); + if (pos < active_nr) { + ce = active_cache[pos]; + if (ce_namelen(ce) == namelen && + !memcmp(ce->name, filename, namelen)) + die("Path '%s' is in the index, but not at stage %d.\n" + "Did you mean ':%d:%s'?", + filename, stage, + ce_stage(ce), filename); + } /* Confusion between relative and absolute filenames? */ fullnamelen = namelen + strlen(prefix); @@ -1008,13 +1010,15 @@ static void diagnose_invalid_index_path(int stage, pos = cache_name_pos(fullname, fullnamelen); if (pos < 0) pos = -pos - 1; - ce = active_cache[pos]; - if (ce_namelen(ce) == fullnamelen && - !memcmp(ce->name, fullname, fullnamelen)) - die("Path '%s' is in the index, but not '%s'.\n" - "Did you mean ':%d:%s'?", - fullname, filename, - ce_stage(ce), fullname); + if (pos < active_nr) { + ce = active_cache[pos]; + if (ce_namelen(ce) == fullnamelen && + !memcmp(ce->name, fullname, fullnamelen)) + die("Path '%s' is in the index, but not '%s'.\n" + "Did you mean ':%d:%s'?", + fullname, filename, + ce_stage(ce), fullname); + } if (!lstat(filename, &st)) die("Path '%s' exists on disk, but not in the index.", filename); |