Caught by valgrind in t5516. Reading the code shows we
malloc enough for our string, but not trailing NUL.
Signed-off-by: Jeff King <peff@xxxxxxxx>
---
This bug was introduced in f517f1f (builtin-push: add --delete as
syntactic sugar for :foo, 2009-12-30), not released yet but part of
1.7.0-rc0. So no need for a 'maint' fix.
An obvious alternative would be to convert it to strbuf (which could
also be used to clean up other non-buggy string generation earlier in
the function).
builtin-push.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/builtin-push.c b/builtin-push.c
index 5df6608..5633f0a 100644
--- a/builtin-push.c
+++ b/builtin-push.c
@@ -52,7 +52,7 @@ static void set_refspecs(const char **refs, int nr)
} else if (deleterefs && !strchr(ref, ':')) {
char *delref;
int len = strlen(ref)+1;
- delref = xmalloc(len);
+ delref = xmalloc(len+1);
strcpy(delref, ":");
strcat(delref, ref);
ref = delref;
--
1.7.0.rc0.41.g538720
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html