* [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters
@ 2006-10-19 1:34 pclouds
2006-10-19 4:13 ` Junio C Hamano
0 siblings, 1 reply; 3+ messages in thread
From: pclouds @ 2006-10-19 1:34 UTC (permalink / raw)
To: Junio C Hamano, git
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
sha1_name.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/sha1_name.c b/sha1_name.c
index 9b226e3..6ffee22 100644
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -157,7 +157,7 @@ static int get_short_sha1(const char *na
char canonical[40];
unsigned char res[20];
- if (len < MINIMUM_ABBREV)
+ if (len < MINIMUM_ABBREV || len > 40)
return -1;
hashclr(res);
memset(canonical, 'x', 40);
--
1.4.3.rc2.g0503-dirty
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters
2006-10-19 1:34 [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters pclouds
@ 2006-10-19 4:13 ` Junio C Hamano
2006-10-19 4:54 ` Nguyen Thai Ngoc Duy
0 siblings, 1 reply; 3+ messages in thread
From: Junio C Hamano @ 2006-10-19 4:13 UTC (permalink / raw)
To: pclouds; +Cc: git
pclouds@gmail.com writes:
> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
> ---
> sha1_name.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/sha1_name.c b/sha1_name.c
> index 9b226e3..6ffee22 100644
> --- a/sha1_name.c
> +++ b/sha1_name.c
> @@ -157,7 +157,7 @@ static int get_short_sha1(const char *na
> char canonical[40];
> unsigned char res[20];
>
> - if (len < MINIMUM_ABBREV)
> + if (len < MINIMUM_ABBREV || len > 40)
> return -1;
> hashclr(res);
> memset(canonical, 'x', 40);
Thanks.
The patch is correct, but it needs a better explanation in the
proposed commit log message than just "Don't segfault".
get_describe_name() can be fed a string foo-gXXX...XXX with a
very looooooooong hexstring. It calls get_short_sha1() without
checking if XXX...XXX part is longer than 40-bytes (in which
case it cannot be a valid object name).
get_sha1_1() has the same problem. Given a hexstring longer
than 40-bytes, it calls the function with it because earlier
ones such as get_sha1_hex() would reject the input.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters
2006-10-19 4:13 ` Junio C Hamano
@ 2006-10-19 4:54 ` Nguyen Thai Ngoc Duy
0 siblings, 0 replies; 3+ messages in thread
From: Nguyen Thai Ngoc Duy @ 2006-10-19 4:54 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
On 10/19/06, Junio C Hamano <junkio@cox.net> wrote:
> The patch is correct, but it needs a better explanation in the
> proposed commit log message than just "Don't segfault".
Well, maybe because I got a segfault when I accidentally pasted an
sha1 twice (blame my mouse). I hadn't looked closely enough to the
bug. Anyway, you got the bug and obviously have a better explanation
than mine. Please fix it with a better explanation. I'll be more
explanatory next time. Thank you :-)
> get_describe_name() can be fed a string foo-gXXX...XXX with a
> very looooooooong hexstring. It calls get_short_sha1() without
> checking if XXX...XXX part is longer than 40-bytes (in which
> case it cannot be a valid object name).
>
> get_sha1_1() has the same problem. Given a hexstring longer
> than 40-bytes, it calls the function with it because earlier
> ones such as get_sha1_hex() would reject the input.
--
Duy
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-10-19 4:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-10-19 1:34 [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters pclouds
2006-10-19 4:13 ` Junio C Hamano
2006-10-19 4:54 ` Nguyen Thai Ngoc Duy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.