[RESEND PATCH 1/2] Fix builtin-fetch memory corruption by not overstepping array

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A long time ago Junio added this line to always ensure that the
output array created by remove_duplicates() had a NULL as its
terminating node.  Today none of the downstream consumers of this
array care about a NULL terminator; they only pay attention to the
size of the array (as indicated by nr_heads).  In (nearly?) all
cases passing a NULL element will cause SIGSEGV failures.  So this
NULL terminal is not actually necessary.

Unfortunately we cannot continue to NULL terminate the array at
this point as the array may only have been allocated large enough
to match the input of nr_heads.  If there are no duplicates than
we would be trying to store NULL into heads[nr_heads] and that may
be outside of the array.

My recent series to cleanup builtin-fetch changed the allocation of
the heads array from 256 entries to exactly nr_heads thus ensuring
we were always overstepping the array and causing memory corruption.

Signed-off-by: Shawn O. Pearce <spearce@xxxxxxxxxxx>
---

 *** RESEND TO CORRECT FROM+SBO ***

 Sorry Junio.  I realized too late that the headers were wrong.
 That's what I get for not configuring ~/.gitconfig on my amd64
 Linux box.  ;-)

 builtin-fetch-pack.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/builtin-fetch-pack.c b/builtin-fetch-pack.c
index b0936cc..2977a94 100644
--- a/builtin-fetch-pack.c
+++ b/builtin-fetch-pack.c
@@ -654,7 +654,6 @@ static int remove_duplicates(int nr_heads, char **heads)
 			heads[dst] = heads[src];
 		dst++;
 	}
-	heads[dst] = 0;
 	return dst;
 }
 
-- 
1.5.3.1.921.g8c3b

-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux