When we are chomping newlines from the end of a strbuf, we
must check "sb.len != 0" before accessing "sb.buf[sb.len - 1]".
However, this code mistakenly checks "&sb.len", which is
always true (it is a part of an auto struct, so the address
is always non-zero). This could lead to us accessing memory
outside the strbuf when we read an empty file.
Signed-off-by: Jeff King <peff@xxxxxxxx>
---
This dates back to 8b87cfd (wt-status: move strbuf into
read_and_strip_branch(), 2013-03-16), so it is not a bug that needs
addressed during the -rc period.
This is the most minimal fix, but I kind of wonder if it should just be
using strbuf_rtrim (or even strbuf_trim) in the first place.
wt-status.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wt-status.c b/wt-status.c
index b54eac5..29666d0 100644
--- a/wt-status.c
+++ b/wt-status.c
@@ -1140,7 +1140,7 @@ static char *read_and_strip_branch(const char *path)
if (strbuf_read_file(&sb, git_path("%s", path), 0) <= 0)
goto got_nothing;
- while (&sb.len && sb.buf[sb.len - 1] == '\n')
+ while (sb.len && sb.buf[sb.len - 1] == '\n')
strbuf_setlen(&sb, sb.len - 1);
if (!sb.len)
goto got_nothing;
--
2.3.0.rc1.287.g761fd19
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html