When commit a88c915 (mv: move submodules using a gitfile, 2013-07-30) added the submodule_gitfile array, it was not added to the block that enlarges the arrays when we are moving a directory so that we do not have to worry about it being a directory when we perform the actual move. After this, the loop continues over the enlarged set of sources.

Since we assume that submodule_gitfile has size argc, if any of the items in the source directory are submodules we are guaranteed to write beyond the end of submodule_gitfile.

Fix this by realloc'ing submodule_gitfile at the same time as the other arrays.

Reported-by: Guillaume Gelin <contact@xxxxxxxxx>
Signed-off-by: John Keeping <john@xxxxxxxxxxxxx>
---
On Sat, Mar 08, 2014 at 07:15:42PM +0000, brian m. carlson wrote:
> Yup, that's the same conclusion I came to. There are also two cases
> where we don't shrink the array properly. I'll rebase my patch on top
> of this one and send it.

Nice catch. While looking at that, I spotted that I forgot to initialize the new values in submodule_gitfile when it grows. Guillaume's test case doesn't catch that because all the subdirectories are submodules.

builtin/mv.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/builtin/mv.c b/builtin/mv.c index 21c46d1..5258077 100644 --- a/builtin/mv.c +++ b/builtin/mv.c @@ -179,6 +179,9 @@ int cmd_mv(int argc, const char **argv, const char *prefix) modes = xrealloc(modes, (argc + last - first) * sizeof(enum update_mode)); + submodule_gitfile = xrealloc(submodule_gitfile, + (argc + last - first) + * sizeof(char *)); } dst = add_slash(dst); 
@@ -192,6 +195,7 @@ int cmd_mv(int argc, const char **argv, const char *prefix) prefix_path(dst, dst_len, path + length + 1); modes[argc + j] = INDEX; + submodule_gitfile[argc + j] = NULL; } argc += last - first; } -- 1.9.0.6.g037df60.dirty
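
Review bot: in the first hunk, the new xrealloc() call sizes its elements with `sizeof(char *)`, which hardcodes the element type; `sizeof(*submodule_gitfile)` would keep the size tied to the array's declaration. More broadly, the `(argc + last - first)` expression is now repeated once per array in this block, and the commit message explains that the out-of-bounds write came from a later-added array being left out of exactly this block. A small helper that grows all of them together, or a single struct per source entry, would keep the next parallel array from being missed the same way.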
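
Review bot: the `submodule_gitfile[argc + j] = NULL;` line in the second hunk is explained only in the note below the `---`, which will not survive into the commit; the commit message describes just the realloc and should also say that the newly grown slots are initialized. The diffstat shows only builtin/mv.c changing, so no test accompanies the fix. Per the author's note, the reported test case does not exercise the initialization because every subdirectory is a submodule, so a test that moves a directory containing both submodules and ordinary entries would cover both the resize and the NULL initialization.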