summaryrefslogtreecommitdiff
path: root/diff.c
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2016-09-29 16:49:44 -0700
committerJunio C Hamano <gitster@pobox.com>2016-09-29 16:49:45 -0700
commit300e95f7df240a0f6efea09d5e21fcc350e5ce83 (patch)
tree0b2a114656894e4177030ad6019e5581b3981d4c /diff.c
parentd336b675680c7d4adc9f7190b7974b2ef10c0af4 (diff)
parentb7d36ffca02c23f545d6e098d78180e6e72dfd8d (diff)
downloadgit-300e95f7df240a0f6efea09d5e21fcc350e5ce83.tar.gz
Merge branch 'js/regexec-buf' into maint
Some codepaths in "git diff" used regexec(3) on a buffer that was mmap(2)ed, which may not have a terminating NUL, leading to a read beyond the end of the mapped region. This was fixed by introducing a regexec_buf() helper that takes a <ptr,len> pair with REG_STARTEND extension. * js/regexec-buf: regex: use regexec_buf() regex: add regexec_buf() that can work on a non NUL-terminated string regex: -G<pattern> feeds a non NUL-terminated string to regexec() and fails
Diffstat (limited to 'diff.c')
-rw-r--r--diff.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/diff.c b/diff.c
index cc8e81290a..7a4309397c 100644
--- a/diff.c
+++ b/diff.c
@@ -949,7 +949,8 @@ static int find_word_boundaries(mmfile_t *buffer, regex_t *word_regex,
{
if (word_regex && *begin < buffer->size) {
regmatch_t match[1];
- if (!regexec(word_regex, buffer->ptr + *begin, 1, match, 0)) {
+ if (!regexec_buf(word_regex, buffer->ptr + *begin,
+ buffer->size - *begin, 1, match, 0)) {
char *p = memchr(buffer->ptr + *begin + match[0].rm_so,
'\n', match[0].rm_eo - match[0].rm_so);
*end = p ? p - buffer->ptr : match[0].rm_eo + *begin;