[PATCH/RFH] pp_header(): work around possible memory corruption

[PATCH/RFH] pp_header(): work around possible memory corruption

[Johannes Schindelin]

add_user_info() possibly adds way more than just the commit header line. 
In fact, it sometimes needs so much more space that there is a buffer 
overrun, leading to an ugly crash. For example, the date is printed in its 
own line, and usually takes up more space than the equivalent Unix epoch.

So, for good measure, add 80 characters (a full line) to the allocated 
space, in addition to the header line length.

Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>

---

	I have no idea if 80 is a good value, and if other places
	need an equivalent fix up, too.

	But I needed this patch in a hurry...

 commit.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/commit.c b/commit.c
index f778bf4..03436b1 100644
--- a/commit.c
+++ b/commit.c
@@ -997,7 +997,7 @@ static void pp_header(enum cmit_fmt fmt,
 			len = linelen;
 			if (fmt == CMIT_FMT_EMAIL)
 				len = bound_rfc2047(linelen, encoding);
-			ALLOC_GROW(*buf_p, *ofs_p + len, *space_p);
+			ALLOC_GROW(*buf_p, *ofs_p + len + 80, *space_p);
 			dst = *buf_p + *ofs_p;
 			*ofs_p += add_user_info("Author", fmt, dst,
 						line + 7, dmode, encoding);
@@ -1008,7 +1008,7 @@ static void pp_header(enum cmit_fmt fmt,
 			len = linelen;
 			if (fmt == CMIT_FMT_EMAIL)
 				len = bound_rfc2047(linelen, encoding);
-			ALLOC_GROW(*buf_p, *ofs_p + len, *space_p);
+			ALLOC_GROW(*buf_p, *ofs_p + len + 80, *space_p);
 			dst = *buf_p + *ofs_p;
 			*ofs_p += add_user_info("Commit", fmt, dst,
 						line + 10, dmode, encoding);

Re: [PATCH/RFH] pp_header(): work around possible memory corruption

[Junio C Hamano]

At least the older humongous pretty_print_commit() got separated
into manageable chunks, and I was happy.  I was just too lazy
when refactoring the code and stopped there.

The right fix is to propagate the "realloc as needed" callchain
into add_user_info(), instead of having "this should be enough"
there.  These two you touched are the only two callsite of that
static function.

Re: [PATCH/RFH] pp_header(): work around possible memory corruption

[Johannes Schindelin]

Hi,

On Fri, 15 Jun 2007, Junio C Hamano wrote:

> At least the older humongous pretty_print_commit() got separated into 
> manageable chunks, and I was happy.  I was just too lazy when 
> refactoring the code and stopped there.

That's perfectly okay. This is why you parked it in 'next', I guess.

> The right fix is to propagate the "realloc as needed" callchain into 
> add_user_info(), instead of having "this should be enough" there.  
> These two you touched are the only two callsite of that static function.

Right. As I said, I was in a hurry, and could not research it properly. 
Besides, now that you gave me the proper pointer, I can take care about it 
tomorrow, unless somebody else is faster.

Ciao,
Dscho

Re: [PATCH/RFH] pp_header(): work around possible memory corruption

[Johannes Schindelin]

Hi,

On Fri, 15 Jun 2007, Junio C Hamano wrote:

> At least the older humongous pretty_print_commit() got separated into 
> manageable chunks, and I was happy.  I was just too lazy when 
> refactoring the code and stopped there.

Understandable.

> The right fix is to propagate the "realloc as needed" callchain into 
> add_user_info(), instead of having "this should be enough" there.  
> These two you touched are the only two callsite of that static function.

I had a go at this, but unfortunately I do not understand enough of what 
is going on there. For example, add_rfc2047() sometimes quotes some text. 
I have no idea what a conservative estimate of the growth is, so I cannot 
continue there.

Sorry,
Dscho