diff options
| author | Junio C Hamano <gitster@pobox.com> | 2016-09-26 16:09:19 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2016-09-26 16:09:19 -0700 |
| commit | 6a67695268562f67babdb7d5195c8a43cc4015fa (patch) | |
| tree | b5bbacc08e466f6de62cf2e9fd450d71ef0ea6c7 /diff.c | |
| parent | 31b83f361bd962e9c5f96bf7714051d77f592af2 (diff) | |
| parent | b7d36ffca02c23f545d6e098d78180e6e72dfd8d (diff) | |
| download | git-6a67695268562f67babdb7d5195c8a43cc4015fa.tar.gz | |
Merge branch 'js/regexec-buf'
Some codepaths in "git diff" used regexec(3) on a buffer that was
mmap(2)ed, which may not have a terminating NUL, leading to a read
beyond the end of the mapped region. This was fixed by introducing
a regexec_buf() helper that takes a <ptr,len> pair with REG_STARTEND
extension.
* js/regexec-buf:
regex: use regexec_buf()
regex: add regexec_buf() that can work on a non NUL-terminated string
regex: -G<pattern> feeds a non NUL-terminated string to regexec() and fails
Diffstat (limited to 'diff.c')
| -rw-r--r-- | diff.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -971,7 +971,8 @@ static int find_word_boundaries(mmfile_t *buffer, regex_t *word_regex, { if (word_regex && *begin < buffer->size) { regmatch_t match[1]; - if (!regexec(word_regex, buffer->ptr + *begin, 1, match, 0)) { + if (!regexec_buf(word_regex, buffer->ptr + *begin, + buffer->size - *begin, 1, match, 0)) { char *p = memchr(buffer->ptr + *begin + match[0].rm_so, '\n', match[0].rm_eo - match[0].rm_so); *end = p ? p - buffer->ptr : match[0].rm_eo + *begin; |