From: "Chandra Pratap via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Chandra Pratap <chandrapratap376@gmail.com>,
Chandra Pratap <chandrapratap3519@gmail.com>
Subject: [PATCH] commit.c: ensure strchrnul() doesn't scan beyond range
Date: Mon, 05 Feb 2024 17:21:45 +0000 [thread overview]
Message-ID: <pull.1652.git.1707153705840.gitgitgadget@gmail.com> (raw)
From: Chandra Pratap <chandrapratap3519@gmail.com>
Signed-off-by: Chandra Pratap <chandrapratap3519@gmail.com>
---
commit.c: ensure strchrnul() doesn't scan beyond range
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1652%2FChand-ra%2Fstrchrnul-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1652/Chand-ra/strchrnul-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/1652
commit.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/commit.c b/commit.c
index ef679a0b939..a65b8e92e94 100644
--- a/commit.c
+++ b/commit.c
@@ -1743,15 +1743,9 @@ const char *find_header_mem(const char *msg, size_t len,
int key_len = strlen(key);
const char *line = msg;
- /*
- * NEEDSWORK: It's possible for strchrnul() to scan beyond the range
- * given by len. However, current callers are safe because they compute
- * len by scanning a NUL-terminated block of memory starting at msg.
- * Nonetheless, it would be better to ensure the function does not look
- * at msg beyond the len provided by the caller.
- */
while (line && line < msg + len) {
const char *eol = strchrnul(line, '\n');
+ assert(eol - line <= len);
if (line == eol)
return NULL;
base-commit: a54a84b333adbecf7bc4483c0e36ed5878cac17b
--
gitgitgadget
next reply other threads:[~2024-02-05 17:21 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-05 17:21 Chandra Pratap via GitGitGadget [this message]
2024-02-05 19:57 ` [PATCH] commit.c: ensure strchrnul() doesn't scan beyond range René Scharfe
2024-02-06 18:44 ` Junio C Hamano
2024-02-08 1:00 ` Jeff King
2024-02-08 18:31 ` René Scharfe
2024-02-08 19:48 ` Junio C Hamano
2024-02-08 19:52 ` Kyle Lippincott
2024-02-08 21:41 ` Jeff King
2024-02-08 21:44 ` Junio C Hamano
2024-02-06 1:41 ` Kyle Lippincott
2024-02-07 13:57 ` [PATCH v2] commit.c: ensure find_header_mem() doesn't scan beyond given range Chandra Pratap via GitGitGadget
2024-02-07 17:09 ` René Scharfe
2024-02-07 17:23 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.1652.git.1707153705840.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=chandrapratap3519@gmail.com \
--cc=chandrapratap376@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).