summaryrefslogtreecommitdiff
path: root/fast-import.c
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2014-06-18 15:46:15 -0400
committerJunio C Hamano <gitster@pobox.com>2014-06-20 10:44:44 -0700
commitff45c0d4a316d620d118ec628dd8e78597a23321 (patch)
treef1d6e5018ef25b0b0b3f79fa0cbbf7508a0a3bf3 /fast-import.c
parentce2ecf29241ca90655da37918044cbbaff48a2bd (diff)
downloadgit-ff45c0d4a316d620d118ec628dd8e78597a23321.tar.gz
fast-import: fix read of uninitialized argv memory
Fast-import shares code between its command-line parser and the "option" command. To do so, it strips the "--" from any command-line options and passes them to the option parser. However, it does not confirm that the option even begins with "--" before blindly passing "arg + 2". It does confirm that the option starts with "-", so the only affected case was: git fast-import - which would read uninitialized memory after the argument. We can fix it by using skip_prefix and checking the result. As a bonus, this gets rid of some magic numbers. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'fast-import.c')
-rw-r--r--fast-import.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/fast-import.c b/fast-import.c
index 6707a66471..b2030ccfb4 100644
--- a/fast-import.c
+++ b/fast-import.c
@@ -3342,18 +3342,21 @@ static void parse_argv(void)
if (*a != '-' || !strcmp(a, "--"))
break;
- if (parse_one_option(a + 2))
+ if (!skip_prefix(a, "--", &a))
+ die("unknown option %s", a);
+
+ if (parse_one_option(a))
continue;
- if (parse_one_feature(a + 2, 0))
+ if (parse_one_feature(a, 0))
continue;
- if (starts_with(a + 2, "cat-blob-fd=")) {
- option_cat_blob_fd(a + 2 + strlen("cat-blob-fd="));
+ if (skip_prefix(a, "cat-blob-fd=", &a)) {
+ option_cat_blob_fd(a);
continue;
}
- die("unknown option %s", a);
+ die("unknown option --%s", a);
}
if (i != global_argc)
usage(fast_import_usage);