On Tue, Nov 01, 2022 at 08:41:55PM -0400, Philippe Blain wrote: > > The issue isn't unique to pgp signatures; the problem is in the parsing > > done by ref-filter's find_subpos(), so any signature type exhibits the > > problem. At the end of that function we do: > > > > *nonsiglen = sigstart - buf; > > > > but "buf" has moved beyond "sigstart". Presumably because it uses > > strstr() to look for end-of-line in buf. Since there isn't one before > > the signature begins, we go to the end of the signature. > > > > The bug bisects to 9f75ce3d8f (ref-filter: handle CRLF at end-of-line > > more gracefully, 2020-10-29). Before then, I think our loop was careful > > about moving past the start of the signature. Author cc'd. > > > > Thanks for letting me know, and for the simple reproducer, that's very useful. > I'll try to find time to fix that this week, but can't promise anything. After sleeping on it, I think I fully understand what's going on. There are actually _two_ bugs, but they are closely related. ;) Here are patches which fix them both. I may be setting a new record for the ratio of commit message lines to changed code. But it took me a while to figure out what was going on, so I wanted to explain it fully. [1/2]: ref-filter: fix parsing of signatures without blank lines [2/2]: ref-filter: fix parsing of signatures with CRLF and no body ref-filter.c | 8 ++++---- t/t6300-for-each-ref.sh | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 4 deletions(-) -Peff
