[PATCH] apply: reallocate the postimage buffer when needed

["Carlos Martín Nieto" <cmn@elego.de>]

The buffer in the postimage may become too small when whitespace fixes
are applied to the patch and update_pre_post_images might write past
the end of the buffer.

Teach the code to reallocate the buffer if needed. When it comes time
to free the buffer, do it directly on postimage.buf instead of the
newlines strbuf.

Signed-off-by: Carlos Martín Nieto <cmn@elego.de>
---

This was reported on IRC. Reproduction steps are at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663338 and it
involves applying a patch whilst fixing whitespace changes.

Blame says Junio and Giuseppe were the last ones to touch this part of
the code, so there you go.

While this seems like a reasonable fix to me, it's the first time I've
looked at this part of the code, so there might be a better way of
growing the buffer to its final size. I considered adding a loop at
the beginning to determine the final size, but I'm unsure about which
lines actually get skipped.

 builtin/apply.c |   16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/builtin/apply.c b/builtin/apply.c
index 389898f..8899b09 100644
--- a/builtin/apply.c
+++ b/builtin/apply.c
@@ -2003,10 +2003,12 @@ static void update_pre_post_images(struct image *preimage,
 	 * in place (postlen==0) or not.
 	 */
 	old = postimage->buf;
-	if (postlen)
+	if (postlen) {
 		new = postimage->buf = xmalloc(postlen);
-	else
+		postimage->alloc = postlen;
+	} else {
 		new = old;
+	}
 	fixed = preimage->buf;
 	for (i = ctx = 0; i < postimage->nr; i++) {
 		size_t len = postimage->line[i].len;
@@ -2032,6 +2034,13 @@ static void update_pre_post_images(struct image *preimage,
 
 		/* and copy it in, while fixing the line length */
 		len = preimage->line[ctx].len;
+		if (postimage->alloc < (new - postimage->buf) + len) {
+			size_t post_len = new - postimage->buf;
+			postimage->buf = xrealloc(postimage->buf, post_len + len);
+			postimage->alloc = post_len + len;
+			new = postimage->buf + post_len;
+		}
+
 		memcpy(new, fixed, len);
 		new += len;
 		fixed += len;
@@ -2594,6 +2603,7 @@ static int apply_one_fragment(struct image *img, struct fragment *frag,
 	preimage.len = old - oldlines;
 	postimage.buf = newlines.buf;
 	postimage.len = newlines.len;
+	postimage.alloc = newlines.alloc;
 	preimage.line = preimage.line_allocated;
 	postimage.line = postimage.line_allocated;
 
@@ -2679,7 +2689,7 @@ static int apply_one_fragment(struct image *img, struct fragment *frag,
 	}
 
 	free(oldlines);
-	strbuf_release(&newlines);
+	free(postimage.buf);
 	free(preimage.line_allocated);
 	free(postimage.line_allocated);
 
-- 
1.7.10.rc0.17.g74595