On Mon, Sep 18, 2017 at 11:51:00AM -0400, Jeff King wrote:

> This series fixes a regression in v2.11.1 where we might read past the
> end of an mmap'd buffer. It was introduced in cf3c635210, but I didn't
> base the patch on there, for a few reasons:

Here's a v2 that fixes a minor leak in the first patch (I carefully
remembered to free() the path buffer on the error path, but forgot to do
it in the normal one. Oops).

I also tried to address Jonathan's "should this be in the commit
message" comment. The information above _is_ in there, but maybe putting
it at the top as a sort of tl;dr makes it easier to find?

The second patch is unchanged. Junio, I see you ended up back-porting it
to v2.11. Would you prefer me to have done it that way in the first
place? I was trying to reduce your work by basing it on "maint"
(figuring that we wouldn't bother making a v2.11.x release anyway, and
that skips you having to apply the second patch separately after the
merge).

  [1/2]: read_info_alternates: read contents into strbuf
  [2/2]: read_info_alternates: warn on non-trivial errors

 sha1_file.c | 31 +++++++++++--------------------
 1 file changed, 11 insertions(+), 20 deletions(-)

-Peff