* Suspicious code in builtin-fast-export.c
From: Johannes Sixt @ 2008-07-02 9:04 UTC
To: Pieter de Bie; +Cc: Git Mailing List

export_marks() has this code:

	struct object_decoration *deco = idnums.hash;
	...
	for (i = 0; i < idnums.size; ++i) {
		deco++;
		if (deco && deco->base && deco->base->type == 1) {
			...
		}
	}

I see that deco is off by one here at the end of the idnums.hash array
(and, btw, the check for 'deco &&' is always true). Indeed, this crashes
on Windows, and I can make it crash on Linux with this patch (which
overallocates a bit and writes junk into that space):
diff --git a/wrapper.c b/wrapper.c
index 4e04f76..658925e 100644
--- a/wrapper.c
+++ b/wrapper.c
@@ -72,7 +72,7 @@ void *xrealloc(void *ptr, size_t size)
void *xcalloc(size_t nmemb, size_t size)
{
- void *ret = calloc(nmemb, size);
+ void *ret = calloc(nmemb+1, size);
if (!ret && (!nmemb || !size))
ret = calloc(1, 1);
if (!ret) {
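Review bot: 'calloc(nmemb+1, size)' pads only the first attempt; the 'calloc(1, 1)' fallback two lines below still returns a single byte, so the extra guard element is not present on every path out of xcalloc(). The 'nmemb+1' is also unchecked and wraps to 0 when nmemb is SIZE_MAX. If this stays as a local debugging aid, compute the padded count once, reject the wrap, and use that count for each calloc() call so the later poison write always has room.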
@@ -83,6 +83,7 @@ void *xcalloc(size_t nmemb, size_t size)
if (!ret)
die("Out of memory, calloc failed");
}
+ memset(ret+nmemb*size, 0xDE, size);
return ret;
}
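Review bot: 'ret+nmemb*size' in the added memset() is arithmetic on a 'void *', which is a GNU C extension and not valid ISO C; cast first, e.g. 'memset((char *)ret + nmemb*size, 0xDE, size);'. The write is also unconditional, so it assumes every allocation that reaches 'return ret' was padded by one element, which holds only for the first calloc() in the previous hunk; when nmemb is 0 and the 'calloc(1, 1)' fallback was taken, it writes 'size' bytes into a one-byte buffer.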
--
1.5.6.64.gd77fe
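
Added example (not part of the original message and not git's code): the loop shape quoted from export_marks() next to an in-bounds version, run over a constructed table that carries one extra guard slot filled with 0xDE, the same poisoning idea as the xcalloc patch above. The struct layouts, the function names and the table contents are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for git's types (assumed shapes, not git's headers). */
struct object { int type; };
struct object_decoration { struct object *base; void *decoration; };
struct walk { int exported, hit_guard; };
/* Examine one slot; a slot filled with 0xDE is the guard past the table. */
static void visit(const struct object_decoration *deco, struct walk *w)
{
	struct object_decoration junk;
	memset(&junk, 0xDE, sizeof(junk));
	if (!memcmp(deco, &junk, sizeof(junk)))
		w->hit_guard = 1;	/* the quoted code dereferences junk here */
	else if (deco->base && deco->base->type == 1)
		w->exported++;
}
/* Loop shape quoted in the message: the pointer moves before it is used. */
static struct walk walk_as_posted(struct object_decoration *hash, size_t size)
{
	struct walk w = {0, 0};
	struct object_decoration *deco = hash;
	for (size_t i = 0; i < size; ++i) {
		deco++;
		visit(deco, &w);	/* sees hash[1] .. hash[size] */
	}
	return w;
}
static struct walk walk_in_bounds(struct object_decoration *hash, size_t size)
{
	struct walk w = {0, 0};
	for (size_t i = 0; i < size; ++i)
		visit(&hash[i], &w);	/* corrected: sees hash[0] .. hash[size-1] */
	return w;
}
static struct walk demo(int as_posted)
{
	static struct object commit = {1};
	struct object_decoration hash[5] = {{0}};	/* constructed: 4 slots + guard */
	memset(&hash[4], 0xDE, sizeof(hash[4]));
	hash[0].base = hash[2].base = &commit;	/* type-1 objects in slots 0 and 2 */
	return as_posted ? walk_as_posted(hash, 4) : walk_in_bounds(hash, 4);
}

int main(void)
{
	struct walk a = demo(1), b = demo(0);
	printf("as posted: %d exported, guard hit %d\n", a.exported, a.hit_guard);
	printf("in bounds: %d exported, guard hit %d\n", b.exported, b.hit_guard);
	return 0;
}
```

The posted loop shape reaches the guard slot and never looks at slot 0, so it both reads past the table and misses an entry; the in-bounds version sees exactly the table's slots.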