* [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters
@ 2006-10-19 1:34 pclouds
2006-10-19 4:13 ` Junio C Hamano
0 siblings, 1 reply; 3+ messages in thread
From: pclouds @ 2006-10-19 1:34 UTC (permalink / raw)
To: Junio C Hamano, git
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
sha1_name.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/sha1_name.c b/sha1_name.c
index 9b226e3..6ffee22 100644
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -157,7 +157,7 @@ static int get_short_sha1(const char *na
char canonical[40];
unsigned char res[20];
- if (len < MINIMUM_ABBREV)
+ if (len < MINIMUM_ABBREV || len > 40)
return -1;
hashclr(res);
memset(canonical, 'x', 40);
--
1.4.3.rc2.g0503-dirty
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters
2006-10-19 1:34 [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters pclouds
@ 2006-10-19 4:13 ` Junio C Hamano
2006-10-19 4:54 ` Nguyen Thai Ngoc Duy
0 siblings, 1 reply; 3+ messages in thread
From: Junio C Hamano @ 2006-10-19 4:13 UTC (permalink / raw)
To: pclouds; +Cc: git
pclouds@gmail.com writes:
> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
> ---
> sha1_name.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/sha1_name.c b/sha1_name.c
> index 9b226e3..6ffee22 100644
> --- a/sha1_name.c
> +++ b/sha1_name.c
> @@ -157,7 +157,7 @@ static int get_short_sha1(const char *na
> char canonical[40];
> unsigned char res[20];
>
> - if (len < MINIMUM_ABBREV)
> + if (len < MINIMUM_ABBREV || len > 40)
> return -1;
> hashclr(res);
> memset(canonical, 'x', 40);
Thanks.
The patch is correct, but it needs a better explanation in the
proposed commit log message than just "Don't segfault".
get_describe_name() can be fed a string foo-gXXX...XXX with a
very looooooooong hexstring. It calls get_short_sha1() without
checking if XXX...XXX part is longer than 40-bytes (in which
case it cannot be a valid object name).
get_sha1_1() has the same problem. Given a hexstring longer
than 40-bytes, it calls the function with it because earlier
ones such as get_sha1_hex() would reject the input.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters
2006-10-19 4:13 ` Junio C Hamano
@ 2006-10-19 4:54 ` Nguyen Thai Ngoc Duy
0 siblings, 0 replies; 3+ messages in thread
From: Nguyen Thai Ngoc Duy @ 2006-10-19 4:54 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
On 10/19/06, Junio C Hamano <junkio@cox.net> wrote:
> The patch is correct, but it needs a better explanation in the
> proposed commit log message than just "Don't segfault".
Well, maybe because I got a segfault when I accidentally pasted an
sha1 twice (blame my mouse). I hadn't looked closely enough to the
bug. Anyway, you got the bug and obviously have a better explanation
than mine. Please fix it with a better explanation. I'll be more
explanatory next time. Thank you :-)
> get_describe_name() can be fed a string foo-gXXX...XXX with a
> very looooooooong hexstring. It calls get_short_sha1() without
> checking if XXX...XXX part is longer than 40-bytes (in which
> case it cannot be a valid object name).
>
> get_sha1_1() has the same problem. Given a hexstring longer
> than 40-bytes, it calls the function with it because earlier
> ones such as get_sha1_hex() would reject the input.
--
Duy
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-10-19 4:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-10-19 1:34 [PATCH] Don't segfault if the given SHA1 name is longer than 40 characters pclouds
2006-10-19 4:13 ` Junio C Hamano
2006-10-19 4:54 ` Nguyen Thai Ngoc Duy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).