From: Ramkumar Ramachandra <artagnon@gmail.com>
To: Jonathan Nieder <jrnieder@gmail.com>, Junio C Hamano <gitster@pobox.com>
Cc: Git List <git@vger.kernel.org>,
	Christian Couder <chriscool@tuxfamily.org>
Subject: Re: [PATCH 3/6] revert: fix buffer overflow in insn sheet parser
Date: Thu, 20 Oct 2011 14:18:33 +0530
Message-ID: <4E9FE061.3080601@gmail.com>
In-Reply-To: <20111020080328.GA12337@elie.hsd1.il.comcast.net>

Hi Jonathan and Junio,

Jonathan Nieder writes:
> Junio C Hamano wrote:
>> Ramkumar Ramachandra <artagnon@gmail.com> writes:
>
>>> Check that the commit name argument to a "pick" or "revert" action in
>>> '.git/sequencer/todo' is not too long
> [...]
>> Given that this function is going to be fixed properly so that it does not
>> even need to use the "on-stack buffer", is this really necessary?
>
> Right, I don't think it is.  Keeping a testcase sounds worthwhile,
> though.

Okay.  How about putting this after 5/6?

-- 8< --
Subject: [PATCH] t3510: guard against buffer overflows in parser

To guard against a buffer overflow in the parser, verify that
instruction sheets with overly long object names are parsed.

Suggested-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Ramkumar Ramachandra <artagnon@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 t/t3510-cherry-pick-sequence.sh |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/t/t3510-cherry-pick-sequence.sh b/t/t3510-cherry-pick-sequence.sh
index 0e29e03..39b55c1 100755
--- a/t/t3510-cherry-pick-sequence.sh
+++ b/t/t3510-cherry-pick-sequence.sh
@@ -12,6 +12,9 @@ test_description='Test cherry-pick continuation features
 
 . ./test-lib.sh
 
+# Repeat first match 10 times
+_r10='\1\1\1\1\1\1\1\1\1\1'
+
 pristine_detach () {
        git cherry-pick --reset &&
        git checkout -f "$1^0" &&
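Review bot: The comment above `_r10` says what the sed replacement does but not why ten repetitions is enough for this test. The length of the generated name depends on how long the object name in `.git/sequencer/todo` is, so if the sheet carries short abbreviated names, ten copies may still fit inside the buffer the test is supposed to exceed. Consider stating the intended minimum length in the comment, or building the over-long name from a string of known length so the test does not depend on the abbreviation length. The variable is used by only one test in this patch, so it could also be defined next to 'malformed instruction sheet 3' rather than at the top of the script.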
@@ -211,6 +214,17 @@ test_expect_success 'malformed instruction sheet 2' '
        test_must_fail git cherry-pick --continue
 '
 
+test_expect_success 'malformed instruction sheet 3' '
+       pristine_detach initial &&
+       test_must_fail git cherry-pick base..anotherpick &&
+       echo "resolved" >foo &&
+       git add foo &&
+       git commit &&
+       sed "s/pick \([0-9a-f]*\)/pick $_r10/" .git/sequencer/todo >new_sheet &&
+       cp new_sheet .git/sequencer/todo &&
+       test_must_fail git cherry-pick --continue
+'
+
 test_expect_success 'commit descriptions in insn sheet are optional' '
        pristine_detach initial &&
        test_must_fail git cherry-pick base..anotherpick &&
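Review bot: In 'malformed instruction sheet 3' the final `test_must_fail git cherry-pick --continue` checks only that the command fails, not why, so a failure unrelated to the over-long object name would also satisfy it. Capturing stderr and checking for the parser's error, or at least asserting that `new_sheet` differs from the original todo before copying it into place, would tie the result to the rewritten `pick` line. The commit message says such sheets "are parsed" while the test expects `--continue` to fail; it would help to say in the message that the expected outcome is a clean rejection of the sheet. The `[0-9a-f]*` pattern in the sed expression can also match an empty string, so `[0-9a-f][0-9a-f]*` would make the intent clearer.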
-- 
1.7.6.351.gb35ac.dirty
