On Wed, Sep 10, 2014 at 9:52 AM, Johannes Schindelin <johannes.schindelin@xxxxxx> wrote: > So far, we assumed that the buffer is NUL terminated, but this is not > a safe assumption, now that we opened the fsck_object() API to pass a > buffer directly. > > So let's make sure that there is at least an empty line in the buffer. > That way, our checks would fail if the empty line was encountered > prematurely, and consequently we can get away with the current string > comparisons even with non-NUL-terminated buffers are passed to > fsck_object(). > > Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx> > --- > fsck.c | 23 +++++++++++++++++++++++ > 1 file changed, 23 insertions(+) > > diff --git a/fsck.c b/fsck.c > index dd77628..9dd7d12 100644 > --- a/fsck.c > +++ b/fsck.c > @@ -237,6 +237,26 @@ static int fsck_tree(struct tree *item, int strict, fsck_error error_func) > return retval; > } > > +static int require_end_of_header(const void *data, unsigned long size, > + struct object *obj, fsck_error error_func) > +{ > + const char *buffer = (const char *)data; > + int i; > + > + for (i = 0; i < size; i++) { Should 'i' have type 'unsigned long', rather than 'int', to be consistent with the type of 'size'? > + switch (buffer[i]) { > + case '\0': > + return error_func(obj, FSCK_ERROR, > + "invalid message: NUL at offset %d", i); > + case '\n': > + if (i + 1 < size && buffer[i + 1] == '\n') > + return 0; > + } > + } > + > + return error_func(obj, FSCK_ERROR, "invalid buffer: missing empty line"); > +} > + > static int fsck_ident(const char **ident, struct object *obj, fsck_error error_func) > { > char *end; > @@ -284,6 +304,9 @@ static int fsck_commit_buffer(struct commit *commit, const char *buffer, > unsigned parent_count, parent_line_count = 0; > int err; > > + if (require_end_of_header(buffer, size, &commit->object, error_func)) > + return -1; > + > if (!skip_prefix(buffer, "tree ", &buffer)) > return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'tree' line"); > if (get_sha1_hex(buffer, tree_sha1) || buffer[40] != '\n') > -- > 2.0.0.rc3.9669.g840d1f9 > > -- > To unsubscribe from this list: send the line "unsubscribe git" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html