On Mon, Feb 15, 2016 at 11:18:56PM -0500, Eric Sunshine wrote:

> > diff --git a/builtin/reflog.c b/builtin/reflog.c
> > @@ -408,13 +407,12 @@ static struct reflog_expire_cfg *find_cfg_ent(const char *pattern, size_t len)
> > reflog_expire_cfg_tail = &reflog_expire_cfg;
> >
> > for (ent = reflog_expire_cfg; ent; ent = ent->next)
> > - if (ent->len == len &&
> > - !memcmp(ent->pattern, pattern, len))
> > + if (!strncmp(ent->pattern, pattern, len) &&
> > + ent->pattern[len] == '\0')
>
> If 'ent->pattern' is shorter than 'pattern' then the strncmp() will
> fail, thus it will short-circuit before ent->pattern[len] has a chance
> to access beyond the end of memory allocated for 'ent->pattern'. Okay,
> makes sense.

Yeah. It took me a minute to convince myself that this was correct. If
you have a shorter or more clear way of writing it, I'm open to it.

The best I could come up with is running an extra "strlen" and otherwise
keeping the loop as it is; the performance on that is not as good, but
if performance is a concern, maybe something besides a linear search
would be in order. :)

-Peff
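
Review bot: the ent->pattern[len] == '\0' read in the new condition stays in bounds only because strncmp() is evaluated first and already fails when ent->pattern is shorter than len, and nothing in the hunk records that. Swapping the two operands of && would make it read past the end of a shorter ent->pattern, and the check also assumes pattern has no NUL within its first len bytes. Suggest a short comment above the if stating that the operand order is deliberate, or comparing lengths first (strlen(ent->pattern) == len, in the spirit of the removed ent->len == len) so the loop does not depend on evaluation order.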
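
The two comparisons discussed in this thread, side by side, as an added example that is not part of the original messages or of git's code. The function names and the sample strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/*
 * Compare a NUL-terminated string `entry` against a counted buffer `key`
 * of `len` bytes that is not itself NUL-terminated at key[len].
 * All names here are hypothetical.
 */

/* Variant from the quoted hunk: strncmp() first, then the terminator. */
static int eq_strncmp(const char *entry, const char *key, size_t len)
{
	/*
	 * Operand order matters: if entry is shorter than len, strncmp()
	 * reaches entry's NUL, reports a mismatch, and && never evaluates
	 * entry[len]. Assumes key has no NUL within its first len bytes.
	 */
	return !strncmp(entry, key, len) && entry[len] == '\0';
}

/* Alternative mentioned in the reply: an extra strlen(), then memcmp(). */
static int eq_strlen(const char *entry, const char *key, size_t len)
{
	/* memcmp() only runs once both sides are known to be len bytes. */
	return strlen(entry) == len && !memcmp(entry, key, len);
}

/* Run both variants over entries shorter than, equal to and longer than key. */
static int variants_agree(void)
{
	/* Constructed sample: key is the first 10 bytes, "refs/heads". */
	const char *buf = "refs/heads/master";
	const size_t len = 10;
	const char *entries[] = {
		"", "refs", "refs/heads", "refs/headz", "refs/heads/master"
	};
	size_t i;

	for (i = 0; i < sizeof(entries) / sizeof(entries[0]); i++)
		if (eq_strncmp(entries[i], buf, len) !=
		    eq_strlen(entries[i], buf, len))
			return 0;
	return 1;
}

int main(void)
{
	return variants_agree() ? 0 : 1;
}
```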