git.vger.kernel.org archive mirror
* [PATCH] Fix crash in t0020 (crlf conversion)
@ 2007-04-22 14:11 ` Alex Riesen
  2007-04-22 22:52   ` Alex Riesen
  0 siblings, 1 reply; 3+ messages in thread
From: Alex Riesen @ 2007-04-22 14:11 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano

Reallocated wrong size.
Noticed on Ubuntu 7.04 probably because it has some malloc diagnostics in libc:
"git-read-tree --reset -u HEAD" aborted in the test. Valgrind sped up the
debugging greatly: took me 10 minutes.

Signed-off-by: Alex Riesen <raa.lkml@gmail.com>
---
 attr.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/attr.c b/attr.c
index 285e689..a071254 100644
--- a/attr.c
+++ b/attr.c
@@ -300,7 +300,8 @@ static struct attr_stack *read_attr_from_array(const char **list)
 		a = parse_attr_line(line, "[builtin]", ++lineno, 1);
 		if (!a)
 			continue;
-		res->attrs = xrealloc(res->attrs, res->num_matches + 1);
+		res->attrs = xrealloc(res->attrs,
+			sizeof(struct match_attr *) * (res->num_matches + 1));
 		res->attrs[res->num_matches++] = a;
 	}
 	return res;
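Review bot: the new size expression in read_attr_from_array() spells out the element type, `sizeof(struct match_attr *)`, so it has to be kept in step with the declaration of `attrs` by hand. Writing it as `sizeof(*res->attrs) * (res->num_matches + 1)` ties the size to the array itself, which guards against the same class of mistake this hunk fixes. The array still grows by exactly one slot per accepted line; fine for a short builtin list, but worth a remark if the list is expected to grow.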
@@ -324,7 +325,8 @@ static struct attr_stack *read_attr_from_file(const char *path, int macro_ok)
 		a = parse_attr_line(buf, path, ++lineno, macro_ok);
 		if (!a)
 			continue;
-		res->attrs = xrealloc(res->attrs, res->num_matches + 1);
+		res->attrs = xrealloc(res->attrs,
+			sizeof(struct match_attr *) * (res->num_matches + 1));
 		res->attrs[res->num_matches++] = a;
 	}
 	fclose(fp);
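Review bot: read_attr_from_file() now carries the same three-line append as read_attr_from_array(), and the mis-sized xrealloc() had to be corrected in both places. A small shared helper that appends `a` to `res` would leave one size computation to get right. Here the number of entries comes from the file being read, so the `sizeof(...) * (res->num_matches + 1)` product is also the place where an overflow check would belong if one is wanted.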
-- 
1.5.1.1.946.gdb75a


* [PATCH] Fix a typo in crlf conversion code
@ 2007-04-22 14:12 Alex Riesen
  2007-04-22 14:11 ` [PATCH] Fix crash in t0020 (crlf conversion) Alex Riesen
  0 siblings, 1 reply; 3+ messages in thread
From: Alex Riesen @ 2007-04-22 14:12 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano

Also, noticed by valgrind: the code caused a read out-of-bounds.
Some comments updated as well (they still reflected old calling
conventions).

Signed-off-by: Alex Riesen <raa.lkml@gmail.com>
---
 convert.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/convert.c b/convert.c
index 37239ac..ad106ef 100644
--- a/convert.c
+++ b/convert.c
@@ -115,8 +115,8 @@ static char *crlf_to_git(const char *path, const char *src, unsigned long *sizep
 	}
 
 	/*
-	 * Ok, allocate a new buffer, fill it in, and return true
-	 * to let the caller know that we switched buffers on it.
+	 * Ok, allocate a new buffer, fill it in, and return it
+	 * to let the caller know that we switched buffers.
 	 */
 	nsize = size - stats.crlf;
 	buffer = xmalloc(nsize);
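Review bot: the reworded comment in crlf_to_git() says the new buffer is returned but not what the caller gets when no conversion was needed, nor that the caller now owns the allocation from `xmalloc(nsize)`. Since the comment is being touched anyway, one more sentence covering both would document the calling convention fully. These comment-only edits would also be easier to review as a separate patch from the condition fix in the next hunk.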
@@ -137,7 +137,7 @@ static char *crlf_to_git(const char *path, const char *src, unsigned long *sizep
 	} else {
 		do {
 			unsigned char c = *src++;
-			if (! (c == '\r' && (1 < size && *buffer == '\n')))
+			if (! (c == '\r' && (1 < size && *src == '\n')))
 				*dst++ = c;
 		} while (--size);
 	}
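Review bot: in the changed condition, the `*src` lookahead stays inside the input only because `1 < size` is evaluated first; a one-line comment there would keep a later reordering from reintroducing an out-of-bounds read. The subject line calls this a typo, but this condition decides how many bytes go through `*dst++` into a buffer allocated as `size - stats.crlf` earlier in the same function, so the commit message should say that the old test on `*buffer` could make the written length disagree with the allocation. A test input with CRLF pairs that reaches this `else` branch would pin the behaviour down.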
@@ -180,8 +180,8 @@ static char *crlf_to_worktree(const char *path, const char *src, unsigned long *
 	}
 
 	/*
-	 * Ok, allocate a new buffer, fill it in, and return true
-	 * to let the caller know that we switched buffers on it.
+	 * Ok, allocate a new buffer, fill it in, and return it
+	 * to let the caller know that we switched buffers.
 	 */
 	nsize = size + stats.lf - stats.crlf;
 	buffer = xmalloc(nsize);
-- 
1.5.1.1.946.gdb75a


* Re: [PATCH] Fix crash in t0020 (crlf conversion)
  2007-04-22 14:11 ` [PATCH] Fix crash in t0020 (crlf conversion) Alex Riesen
@ 2007-04-22 22:52   ` Alex Riesen
  0 siblings, 0 replies; 3+ messages in thread
From: Alex Riesen @ 2007-04-22 22:52 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano, Martin Waitz

Alex Riesen, Sun, Apr 22, 2007 16:11:54 +0200:
> Reallocated wrong size.
> Noticed on Ubuntu 7.04 probably because it has some malloc diagnostics in libc:
> "git-read-tree --reset -u HEAD" aborted in the test. Valgrind sped up the
> debugging greatly: took me 10 minutes.

Alex Riesen, Sun, Apr 22, 2007 16:12:22 +0200:
> Also, noticed by valgrind: the code caused a read out-of-bounds.
> Some comments updated as well (they still reflected old calling
> conventions).

Actually, it is all the other way around. The _second_ patch
(buffer->src in convert.c, the read out-of-bounds caused overwrite of
malloc control structures because of incorrect dst update condition)
is for the crash, the first is unrelated, but noticed by valgrind
in the same test.

I messed up the commit descriptions completely (Martin's mail made
me look at the patches again). Sorry.
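
The failure described in the reply above, as an added example that is not part of the thread or of git's source: a simplified model of the copy loop from the second convert.c hunk, with stores bounded so it can report how many bytes each form of the condition tries to write. `count_crlf`, `strip_crlf` and the `peek_src` flag are names made up for this sketch, and the zeroed output array stands in for the fresh allocation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* "\r\n" pairs in src; the hunk context sizes the buffer as size - crlf. */
static size_t count_crlf(const char *src, size_t size)
{
	size_t i, n = 0;
	for (i = 0; i + 1 < size; i++)
		if (src[i] == '\r' && src[i + 1] == '\n')
			n++;
	return n;
}

/*
 * The copy loop from the hunk, with stores bounded by cap.
 * peek_src != 0: test the next source byte (patched condition).
 * peek_src == 0: test the first byte of the output buffer (old condition).
 * Returns how many bytes the loop tried to store; more than cap means
 * the unbounded loop would have written past the allocation.
 */
static size_t strip_crlf(const char *src, size_t size,
			 char *dst, size_t cap, int peek_src)
{
	const char *buffer = dst;
	size_t wanted = 0;
	for (; size; size--) {
		unsigned char c = *src++;
		char peeked = peek_src ? (1 < size ? *src : 0)
				       : (cap ? *buffer : 0);
		if (!(c == '\r' && 1 < size && peeked == '\n')) {
			if (wanted < cap)
				dst[wanted] = c;
			wanted++;
		}
	}
	return wanted;
}

int main(void)
{
	const char in[] = "a\r\nb\r\n";		/* constructed sample input */
	size_t size = sizeof(in) - 1, cap = size - count_crlf(in, size);
	char out[8] = { 0 };	/* zeroed stand-in for the fresh allocation */
	printf("cap=%zu patched=%zu old=%zu\n", cap,
	       strip_crlf(in, size, out, cap, 1),
	       strip_crlf(in, size, out, cap, 0));
	return 0;
}
```

With the old condition no `'\r'` is dropped on this input, so the loop asks for two more bytes than the `size - crlf` allocation holds.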

