From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Jarosch Subject: Re: [PATCH] setup_revisions(): do not access outside argv Date: Thu, 21 May 2009 20:02:08 +0200 Message-ID: <4A159720.3020103@intra2net.com> References: <1242806900-3499-1-git-send-email-pclouds@gmail.com> <4A13BC3C.5070000@viscovery.net> <7v7i0btdwu.fsf@alter.siamese.dyndns.org> <20090521041812.GE8091@sigill.intra.peff.net> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: Junio C Hamano , Nguyen Thai Ngoc Duy , Johannes Sixt , git@vger.kernel.org To: Jeff King X-From: git-owner@vger.kernel.org Thu May 21 20:02:24 2009 Return-path: Envelope-to: gcvg-git-2@gmane.org Received: from vger.kernel.org ([209.132.176.167]) by lo.gmane.org with esmtp (Exim 4.50) id 1M7Caz-0003yG-7p for gcvg-git-2@gmane.org; Thu, 21 May 2009 20:02:21 +0200 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753798AbZEUSCM (ORCPT ); Thu, 21 May 2009 14:02:12 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753613AbZEUSCK (ORCPT ); Thu, 21 May 2009 14:02:10 -0400 Received: from rs02.intra2net.com ([81.169.173.116]:42030 "EHLO rs02.intra2net.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753499AbZEUSCK (ORCPT ); Thu, 21 May 2009 14:02:10 -0400 Received: from intranator.m.i2n (unknown [172.16.1.99]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rs02.intra2net.com (Postfix) with ESMTP id 3804C541; Thu, 21 May 2009 20:02:10 +0200 (CEST) Received: from localhost (intranator.m.i2n [127.0.0.1]) by localhost (Postfix) with ESMTP id C041F2AC4F; Thu, 21 May 2009 20:02:09 +0200 (CEST) Received: from pikkukde.a.i2n (pikkukde.m.i2n [192.168.12.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by intranator.m.i2n (Postfix) with ESMTP id BF7A12AC4E; Thu, 21 May 2009 20:02:08 +0200 (CEST) User-Agent: Thunderbird 2.0.0.21 (X11/20090320) In-Reply-To: <20090521041812.GE8091@sigill.intra.peff.net> X-Virus-Scanned: by Intranator (www.intra2net.com) with AMaViS and F-Secure AntiVirus (fsavdb 2009-05-21_01) X-Spam-Status: hits=-2.0 tests=[ALL_TRUSTED=-1.8,BAYES_40=-0.185] X-Spam-Level: 980 Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Archived-At: Jeff King wrote: > Having just fixed a segfault in the GIT_TRACE code caused by a > non-terminated argv generated by the alias code, I think I would prefer > that we just consistently do the NULL-termination. You are otherwise > creating a maintenance pitfall when somebody later passes the value to > unsuspecting code. Speaking of that, there is also one piece of code in diff.c that doesn't do NULL-termination after a readlink() call (which never NULL-terminates). The current use is 100% fine, though the same maintenance argument might apply here, too. Wondering why the buffer is allocated as PATH_MAX +1. Hmm. Thomas