diff options
| author | Patrick Steinhardt <ps@pks.im> | 2020-06-08 12:54:26 +0200 |
|---|---|---|
| committer | Patrick Steinhardt <ps@pks.im> | 2020-06-08 12:54:26 +0200 |
| commit | c146374ce8efb6585a507484bf8f90f2c27a51fb (patch) | |
| tree | 680ba83b27915493cb335934a905a6922768ed1c | |
| parent | c708e5e51d8f6aae517a861c380861c3caf18eb6 (diff) | |
| download | libgit2-c146374ce8efb6585a507484bf8f90f2c27a51fb.tar.gz | |
revparse: detect out-of-memory cases when parsing curly brace contents
When extracting curly braces (e.g. the "upstream" part in
"HEAD@{upstream}"), we put the curly braces' contents into a `git_buf`
structure, but don't check the return value of `git_buf_putc`. So when
we run out-of-memory, we'll use a partially filled buffer without
noticing.
Let's fix this issue by checking `git_buf_putc`'s return value.
| -rw-r--r-- | src/revparse.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/revparse.c b/src/revparse.c index c627de67c..9b73d33ed 100644 --- a/src/revparse.c +++ b/src/revparse.c @@ -537,7 +537,8 @@ static int extract_curly_braces_content(git_buf *buf, const char *spec, size_t * if (spec[*pos] == '\0') return GIT_EINVALIDSPEC; - git_buf_putc(buf, spec[(*pos)++]); + if (git_buf_putc(buf, spec[(*pos)++]) < 0) + return -1; } (*pos)++; |