Re: [PATCH] setup_revisions(): do not access outside argv

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jeff King wrote:
> On Fri, May 22, 2009 at 03:56:20AM -0400, Jeff King wrote:
> 
>> Yeah, it is fine because it just passes the result to prep_temp_blob,
>> which respects the length. I don't know if it is worth making it more
>> safe (arguably it should just be using strbuf_readlink anyway, but that
>> does introduce an extra malloc).
> 
> And here is the strbuf_readlink version, which actually does make the
> source shorter and easier to read.
> 
> -- >8 --
> Subject: [PATCH] convert bare readlink to strbuf_readlink
> 
> This particular readlink call never NUL-terminated its
> result, making it a potential source of bugs (though there
> is no bug now, as it currently always respects the length
> field). Let's just switch it to strbuf_readlink which is
> shorter and less error-prone.
> 
> Signed-off-by: Jeff King <peff@xxxxxxxx>
> ---
>  diff.c |   10 +++-------
>  1 files changed, 3 insertions(+), 7 deletions(-)
> 
> diff --git a/diff.c b/diff.c
> index f06876b..ffbe5c4 100644
> --- a/diff.c
> +++ b/diff.c
> @@ -2014,14 +2014,10 @@ static struct diff_tempfile *prepare_temp_file(const char *name,
>  			die("stat(%s): %s", name, strerror(errno));
>  		}
>  		if (S_ISLNK(st.st_mode)) {
> -			int ret;
> -			char buf[PATH_MAX + 1]; /* ought to be SYMLINK_MAX */
> -			ret = readlink(name, buf, sizeof(buf));
> -			if (ret < 0)
> +			struct strbuf sb = STRBUF_INIT;
> +			if (strbuf_readlink(&sb, name, st.st_size) < 0)
>  				die("readlink(%s)", name);
> -			if (ret == sizeof(buf))
> -				die("symlink too long: %s", name);
> -			prep_temp_blob(name, temp, buf, ret,
> +			prep_temp_blob(name, temp, sb.buf, sb.len,
>  				       (one->sha1_valid ?
>  					one->sha1 : null_sha1),
>  				       (one->sha1_valid ?

Don't you need to strbuf_release() ?

-brandon
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]