summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2012-05-22 00:52:17 -0400
committerJunio C Hamano <gitster@pobox.com>2012-05-22 12:53:42 -0700
commita9c7a8a8bef30bbbf87e0d4c0e64d50c676f70ed (patch)
tree8b8e1603495b68f17a20ba910f39e1ab45045db3
parentd0f1ea6003d97e63110fa7d50bb07f546a909b6e (diff)
downloadgit-a9c7a8a8bef30bbbf87e0d4c0e64d50c676f70ed.tar.gz
avoid segfault when reading header of malformed commits
If a commit object has a header line at the end of the buffer that is missing its newline (or if it appears so because the content on the header line contains a stray NUL), then git will segfault. Interestingly, this case is explicitly handled and we do correctly scan the final line for the header we are looking for. But if we don't find it, we will dereference NULL while trying to look at the next line. Git will never generate such a commit, but it's good to be defensive. We could die() in such a case, but since it's easy enough to handle it gracefully, let's just issue a warning and continue (so you could still view such a commit with "git show", though you might be missing headers after the NUL). Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--pretty.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/pretty.c b/pretty.c
index 8688b8f2d4..cee77e48f3 100644
--- a/pretty.c
+++ b/pretty.c
@@ -439,12 +439,14 @@ static char *get_header(const struct commit *commit, const char *key)
int key_len = strlen(key);
const char *line = commit->buffer;
- for (;;) {
+ while (line) {
const char *eol = strchr(line, '\n'), *next;
if (line == eol)
return NULL;
if (!eol) {
+ warning("malformed commit (header is missing newline): %s",
+ sha1_to_hex(commit->object.sha1));
eol = line + strlen(line);
next = NULL;
} else
@@ -456,6 +458,7 @@ static char *get_header(const struct commit *commit, const char *key)
}
line = next;
}
+ return NULL;
}
static char *replace_encoding_header(char *buf, const char *encoding)