On Fri, Sep 22, 2017 at 12:18:17PM -0400, Jeff King wrote: > > I think if this function is fed an empty string that it will also read > > past the end of the buffer for in[1]. It shouldn't matter, since the NUL > > in in[0] would cause us to return an error regardless, but it's still > > undefined behavior. > > This is still a bug, though. Last message, I promise. ;) I started on the minimal fix for this, but actually it's OK by virtue of its sole caller first checking that we have enough length (because we're not parsing a string, in fact, but a ptr/len buffer). So all is well, though I think get_hex_color() does serve as a poor example if somebody were to try to adapt it generally (hopefully they wouldn't, since hex2chr() is already globally available). Sorry for the all the noise. -Peff
