From: "Alex via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Alex <alexguo1023@gmail.com>, jinyaoguo <guo846@purdue.edu>
Subject: [PATCH] Fix buffer underflow in xdl_build_script
Date: Fri, 23 May 2025 20:51:40 +0000 [thread overview]
Message-ID: <pull.1976.git.git.1748033500935.gitgitgadget@gmail.com> (raw)
From: jinyaoguo <guo846@purdue.edu>
The loop in xdl_build_script used `i1 >= 0 || i2 >= 0`, causing
`i1` (or `i2`) to reach 0 and then access `rchg1[i1-1]` (or
`rchg2[i2-1]`), which underflows the buffer.
This commit adds explicit `i1 > 0` and `i2 > 0` checks around
those array accesses to prevent invalid negative indexing.
Signed-off-by: Alex Guo <alexguo1023@gmail.com>
---
Fix buffer underflow in xdl_build_script
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1976%2Fmugitya03%2Fbuf-1-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1976/mugitya03/buf-1-v1
Pull-Request: https://github.com/git/git/pull/1976
xdiff/xdiffi.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/xdiff/xdiffi.c b/xdiff/xdiffi.c
index 5a96e36dfbe..2e983965328 100644
--- a/xdiff/xdiffi.c
+++ b/xdiff/xdiffi.c
@@ -951,9 +951,10 @@ int xdl_build_script(xdfenv_t *xe, xdchange_t **xscr) {
* Trivial. Collects "groups" of changes and creates an edit script.
*/
for (i1 = xe->xdf1.nrec, i2 = xe->xdf2.nrec; i1 >= 0 || i2 >= 0; i1--, i2--)
- if (rchg1[i1 - 1] || rchg2[i2 - 1]) {
- for (l1 = i1; rchg1[i1 - 1]; i1--);
- for (l2 = i2; rchg2[i2 - 1]; i2--);
+ if ((i1 > 0 && rchg1[i1 - 1]) ||
+ (i2 > 0 && rchg2[i2 - 1])) {
+ for (l1 = i1; i1 > 0 && rchg1[i1 - 1]; i1--);
+ for (l2 = i2; i2 > 0 && rchg2[i2 - 1]; i2--);
if (!(xch = xdl_add_change(cscr, i1, i2, l1 - i1, l2 - i2))) {
xdl_free_script(cscr);
base-commit: 8613c2bb6cd16ef530dc5dd74d3b818a1ccbf1c0
--
gitgitgadget
next reply other threads:[~2025-05-23 20:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-23 20:51 Alex via GitGitGadget [this message]
2025-05-24 5:57 ` [PATCH] Fix buffer underflow in xdl_build_script René Scharfe
2025-05-24 9:08 ` René Scharfe
2025-05-24 13:38 ` Phillip Wood
2025-05-24 13:53 ` Phillip Wood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.1976.git.git.1748033500935.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=alexguo1023@gmail.com \
--cc=git@vger.kernel.org \
--cc=guo846@purdue.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).