René Scharfe <l.s.r@xxxxxx> writes:

> On 16.06.22 at 01:35, Johannes Schindelin via GitGitGadget wrote:
>> From: Johannes Schindelin <johannes.schindelin@xxxxxx>
>>
>> On Windows, we open files we suspect might be scripts, read the first
>> two bytes, and see whether they indicate a hash-bang line. We do not
>> initialize the byte _after_ those two bytes, therefore `strcmp()` is
>> inappropriate here.
>
> Hmm, but buf _is_ initialized fully? Line 149:
>
> char buf[3] = { 0 };

Ahh, yeah, that changes the landscape quite a bit.  We explicitly ask
to read 2 bytes and look at the buf[] when read says it read 2 bytes,
so this is another false positive X-<.

>> diff --git a/run-command.c b/run-command.c
>> index 14f17830f51..2ba38850b4d 100644
>> --- a/run-command.c
>> +++ b/run-command.c
>> @@ -154,7 +154,7 @@ int is_executable(const char *name)
>> n = read(fd, buf, 2);
>> if (n == 2)
>> /* look for a she-bang */
>> - if (!strcmp(buf, "#!"))
>> + if (!memcmp(buf, "#!", 2))
>> st.st_mode |= S_IXUSR;
>> close(fd);
>> }

We can update the variable to

	char buf[2];

to match the updated code, I guess.  The fewer bytes we use on stack,
the better ;-).
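Review bot: the justification in the commit message does not hold for this hunk: as the thread points out, `buf` is declared as `char buf[3] = { 0 }`, so after `read(fd, buf, 2)` the third byte is still a NUL terminator and `!strcmp(buf, "#!")` was already well-defined (an embedded NUL in the two bytes only shortens the compared string and still yields "no match"). The switch to `!memcmp(buf, "#!", 2)` is still a reasonable change, since it compares exactly the two bytes that `n == 2` guarantees were read and no longer relies on the terminator, but the message should present it as that rather than as a fix for uninitialized memory. If the buffer is shrunk to `char buf[2]` as suggested, drop the now-pointless `= { 0 }` initializer and make sure nothing downstream treats `buf` as a C string, because there is then no terminator at all.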
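As an added example (not git's run-command.c and not code from anyone in this thread): a stand-alone C program with both forms of the she-bang check discussed above, the pre-patch `char buf[3] = { 0 }` with `strcmp()` and the post-patch `memcmp(buf, "#!", 2)` with the two-byte buffer suggested in the reply, run over constructed sample files that include the awkward cases (empty and one-byte files, an embedded NUL, a non-script binary). Function and file names are this example's own; it omits the `stat()`/`S_ISREG` guard and the Windows-only conditional that surround the real check.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Expand a string literal into (pointer, byte length) without its NUL. */
#define LIT(s) s, (sizeof(s) - 1)

/*
 * Post-patch style with the 2-byte buffer suggested in the thread:
 * memcmp() compares exactly the bytes read, so no terminator is needed.
 * A short read (0- or 1-byte file) is reported as "not a script".
 */
static int shebang_memcmp(const char *path)
{
	char buf[2];			/* no room for a NUL terminator */
	ssize_t n;
	int fd = open(path, O_RDONLY);

	if (fd < 0)
		return 0;
	n = read(fd, buf, sizeof(buf));
	close(fd);
	return n == 2 && memcmp(buf, "#!", 2) == 0;
}

/*
 * Pre-patch style: the `= { 0 }` initialiser guarantees buf[2] == '\0',
 * so strcmp() always finds a terminator. An embedded NUL among the two
 * bytes only shortens the string, so the verdict matches memcmp().
 */
static int shebang_strcmp(const char *path)
{
	char buf[3] = { 0 };
	ssize_t n;
	int fd = open(path, O_RDONLY);

	if (fd < 0)
		return 0;
	n = read(fd, buf, 2);
	close(fd);
	return n == 2 && strcmp(buf, "#!") == 0;
}

/* Write a constructed sample file; returns 0 on success, -1 on error. */
static int write_sample(const char *path, const char *data, size_t len)
{
	FILE *f = fopen(path, "wb");

	if (!f)
		return -1;
	if (fwrite(data, 1, len, f) != len) {
		fclose(f);
		return -1;
	}
	return fclose(f) == 0 ? 0 : -1;
}

int main(void)
{
	/* Constructed inputs (hypothetical file names), including the edge cases. */
	static const struct { const char *name; const char *data; size_t len; } samples[] = {
		{ "sample_script.sh", LIT("#!/bin/sh\necho hi\n") },
		{ "sample_two_bytes", LIT("#!") },
		{ "sample_one_byte",  LIT("#") },
		{ "sample_empty",     LIT("") },
		{ "sample_nul",       LIT("#\0!") },
		{ "sample_elf",       LIT("\x7f" "ELF") },
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (write_sample(samples[i].name, samples[i].data, samples[i].len) != 0) {
			perror(samples[i].name);
			return 1;
		}
		printf("%-18s memcmp=%d strcmp=%d\n", samples[i].name,
		       shebang_memcmp(samples[i].name),
		       shebang_strcmp(samples[i].name));
		unlink(samples[i].name);
	}
	return 0;
}
```

Both functions give the same verdict on every sample, which is the point made in the reply above: with the zero initialiser, `buf[2]` is a terminator and `strcmp()` is well-defined. The `memcmp()` form is still the one to keep once the buffer shrinks to two bytes, because `strcmp()` on a two-byte buffer with no terminator would read past the end of the array.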