On Mon, 9 Apr 2007, Dana How wrote:
> On 4/8/07, Nicolas Pitre <nico@xxxxxxx> wrote:
> > > @@ -448,6 +480,12 @@ static off_t write_object(struct sha1file *f,
> > > header[pos] = ofs & 127;
> > > while (ofs >>= 7)
> > > header[--pos] = 128 | (--ofs & 127);
> > > + if ( limit && hdrlen + sizeof(header) - pos +
> > datalen + 20 >= limit ) {
> > > + free(out);
> > > + free(buf);
> > > + return 0;
> > > + }
> > > + sha1write(f, header, hdrlen);
> > > sha1write(f, header + pos, sizeof(header) - pos);
> >
> > The above looks rather buggy to me.
>
> OK, can you be more specific?
You're writing the content of the array 'header' twice in a row. Sure
the second time it is header + pos but it is still the result of an
operation that used to put data into 'header' after the first content
was already written out. Right now it looks like the first write might
contain clobbered data.
Nicolas
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html