"Johannes Schindelin via GitGitGadget" <gitgitgadget@xxxxxxxxx> writes: > From: Johannes Schindelin <johannes.schindelin@xxxxxx> > > On Windows, we open files we suspect might be scripts, read the first > two bytes, and see whether they indicate a hash-bang line. We do not > initialize the byte _after_ those two bytes, therefore `strcmp()` is > inappropriate here. > > Reported by Coverity. > > Signed-off-by: Johannes Schindelin <johannes.schindelin@xxxxxx> > --- > run-command.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) This has been with us since cc3b7a97 (Windows: Make 'git help -a' work., 2008-01-14) and apparently nobody made loud enough noises to make us aware since then. The fix is trivially correct, of course. Will queue. > > diff --git a/run-command.c b/run-command.c > index 14f17830f51..2ba38850b4d 100644 > --- a/run-command.c > +++ b/run-command.c > @@ -154,7 +154,7 @@ int is_executable(const char *name) > n = read(fd, buf, 2); > if (n == 2) > /* look for a she-bang */ > - if (!strcmp(buf, "#!")) > + if (!memcmp(buf, "#!", 2)) > st.st_mode |= S_IXUSR; > close(fd); > }
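Review bot: In the `memcmp(buf, "#!", 2)` line, the length 2 is now a third copy of the same magic number, next to `read(fd, buf, 2)` and `n == 2`, and the comparison only reads initialized bytes because of that `n == 2` guard. Consider naming the length once, or deriving it from the literal with `strlen("#!")`, so the read size, the guard and the compare cannot drift apart. The commit message could also state the observable effect of the old `strcmp()`: because the byte after the two read bytes is uninitialized, a file that does start with `#!` matched only when that byte happened to be NUL.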