Nguyán ThÃi Ngác Duy <pclouds@xxxxxxxxx> writes:
> strbuf_grow(sb, 0) may allocate less than requested len and violate the
> next assertion.
>
> Signed-off-by: Nguyán ThÃi Ngác Duy <pclouds@xxxxxxxxx>
> ---
> strbuf.h | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/strbuf.h b/strbuf.h
> index 07060ce..ab213da 100644
> --- a/strbuf.h
> +++ b/strbuf.h
> @@ -34,7 +34,7 @@ extern void strbuf_grow(struct strbuf *, size_t);
>
> static inline void strbuf_setlen(struct strbuf *sb, size_t len) {
> if (!sb->alloc)
> - strbuf_grow(sb, 0);
> + strbuf_grow(sb, len);
> assert(len < sb->alloc);
This looks so obviously correct that it is scary.
How could 60 callsites of this function manage to have run without crashes
so far? They all happen to use the function on a buffer that already has
something on it?
Well spotted, thanks.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html