It's possible to overflow an array in run_external_diff and write a single NULL onto the stack. The first patch below fixes that. The rest are cleanups and modernizations I noticed while in the area. It's possible that patch 3 is also a bug fix, depending on your interpretation. [1/6]: run_external_diff: use an argv_array for the command line [2/6]: run_external_diff: use an argv_array for the environment [3/6]: run_external_diff: clean up error handling [4/6]: run_external_diff: drop fflush(NULL) [5/6]: run_external_diff: hoist common bits out of conditional [6/6]: run_external_diff: refactor cmdline setup logic -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html