On Wed, Apr 22, 2020 at 4:41 PM Jonathan Nieder <jrnieder@xxxxxxxxx> wrote:
> Johannes Schindelin wrote:
> > @@ -382,8 +382,10 @@ int credential_from_url_gently(struct credential *c, const char *url,
> > host = at + 1;
> > }
> >
> > - c->protocol = xmemdupz(url, proto_end - url);
> > - c->host = url_decode_mem(host, slash - host);
> > + if (proto_end && proto_end - url > 0)
> > + c->protocol = xmemdupz(url, proto_end - url);
>
> What should happen when the protocol isn't present? Does this mean
> callers will need to be audited to make sure they handle NULL?
the previous code was ensuring protocol was always at least "" (albeit it
might had been easier to understand with a comment)
removing the proto_end - url check would have the same effect, but then
we will need to also add a explicit xmemdupz("") for the nonstrict part
or audit (and with certainty add) checks to prevent a NULL protocol to
introduce regressions
Carlo
