[PATCH] cache-tree: replace a sscanf() by two strtol() calls

On one of my systems, sscanf() first calls strlen() on the buffer. But
this buffer is not terminated by NUL. So git crashed.

strtol() does not share that problem, as it stops reading after the
first non-digit.

Signed-off-by: Johannes Schindelin <Johannes.Schindelin@xxxxxx>

---

	Maybe, a better solution would be to store the integers in 
	binary form. But I am not familiar with that part of git, and
	further, it would break setups which already have an index
	with cache-tree information.

 cache-tree.c |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

4325bb506d03a0e30a5d4dd197601a53f0375df9
diff --git a/cache-tree.c b/cache-tree.c
index 28b78f8..bd7c1aa 100644
--- a/cache-tree.c
+++ b/cache-tree.c
@@ -439,6 +439,7 @@ void *cache_tree_write(struct cache_tree
 static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
 {
 	const char *buf = *buffer;
+	char *endptr;
 	unsigned long size = *size_p;
 	struct cache_tree *it;
 	int i, subtree_nr;
@@ -453,8 +454,16 @@ static struct cache_tree *read_one(const
 		goto free_return;
 	buf++; size--;
 	it = cache_tree();
-	if (sscanf(buf, "%d %d\n", &it->entry_count, &subtree_nr) != 2)
+	it->entry_count = strtol(buf, &endptr, 10);
+	if (buf == endptr)
 		goto free_return;
+	size -= (endptr - buf);
+	buf = endptr + 1;
+	subtree_nr = strtol(buf, &endptr, 10);
+	if (buf == endptr)
+		goto free_return;
+	size -= (endptr - buf);
+	buf = endptr + 1;
 	while (size && *buf && *buf != '\n') {
 		size--;
 		buf++;
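Review bot: The second "buf = endptr + 1;" steps over the character that follows subtree_nr, which by the removed format "%d %d\n" is the newline that the following "while (size && *buf && *buf != '\n')" loop searches for, so the loop now runs on into whatever follows that line. Each "buf = endptr + 1;" also advances one byte without a matching size--, leaving size two too large as a bound for that loop, and neither skip checks that the byte is the expected separator or that it lies inside size. strtol() is not given size either, so digits running up to the end of an unterminated buffer are still read past. Suggest parsing through a separate pointer and leaving buf and size for the existing loop to advance, or checking and counting each separator before skipping it.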
-- 
1.3.1.g5d53-dirty
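An added example, not part of the patch or of git's code: a parser for the two counts that takes the remaining length explicitly, so it needs no NUL terminator and never reads past the buffer. The function names are hypothetical, and the "<count> <subtrees>\n" layout is assumed from the removed sscanf() format.

```c
#include <stddef.h>
#include <limits.h>

/* Parse an optionally negative decimal int from at most *size bytes.
 * Advances *buf and *size only on success; returns 0 or -1. */
static int parse_int_bounded(const char **buf, size_t *size, int *out)
{
	const char *p = *buf;
	size_t n = *size;
	int val = 0, digits = 0, neg = 0;

	if (n && *p == '-') {
		neg = 1;
		p++; n--;
	}
	while (n && *p >= '0' && *p <= '9') {
		int d = *p - '0';
		if (val > (INT_MAX - d) / 10)
			return -1;	/* value would overflow int */
		val = val * 10 + d;
		p++; n--; digits++;
	}
	if (!digits)
		return -1;	/* no digits, or buffer exhausted */
	*out = neg ? -val : val;
	*buf = p;
	*size = n;
	return 0;
}

/* Parse "<count> <subtrees>\n"; every separator is checked and counted. */
static int parse_counts(const char **buf, size_t *size, int *count, int *subtrees)
{
	const char *p = *buf;
	size_t n = *size;

	if (parse_int_bounded(&p, &n, count) || !n || *p != ' ')
		return -1;
	p++; n--;
	if (parse_int_bounded(&p, &n, subtrees) || !n || *p != '\n')
		return -1;
	p++; n--;
	*buf = p;	/* commit the new position only after a full parse */
	*size = n;
	return 0;
}
```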
