Re: [PATCH] sequencer.c: fix overflow & segfault in parse_strategy_opts()

Ævar Arnfjörð Bjarmason  <avarab@xxxxxxxxx> writes:

> There's a few things that use this for option parsing, but one way to
> trigger it is with a bad value to "-X <strategy-option>", e.g:
>
> 	git rebase -X"bad argument\""

Wow, that is nasty ;-).

> diff --git a/sequencer.c b/sequencer.c
> index 3e4a1972897..79c615193b6 100644
> --- a/sequencer.c
> +++ b/sequencer.c
> @@ -2876,13 +2876,18 @@ static int populate_opts_cb(const char *key, const char *value, void *data)
>  void parse_strategy_opts(struct replay_opts *opts, char *raw_opts)
>  {
>  	int i;
> +	int count;
>  	char *strategy_opts_string = raw_opts;
>  
>  	if (*strategy_opts_string == ' ')
>  		strategy_opts_string++;
>  
> -	opts->xopts_nr = split_cmdline(strategy_opts_string,
> -				       (const char ***)&opts->xopts);
> +	count = split_cmdline(strategy_opts_string,
> +			      (const char ***)&opts->xopts);
> +	if (count < 0)
> +		die(_("could not split '%s': '%s'"), strategy_opts_string,
> +			    split_cmdline_strerror(count));
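
Review bot: in the new die() call, strategy_opts_string is printed after the same buffer has been passed to split_cmdline() as a writable char *, and split_cmdline() splits its argument in place, so on failure the message can show only the part of the option before the first separator rather than what the user typed. Consider keeping an untouched copy for the message (for example with xstrdup() before the call), or leave the string out of the message. Separately, the continuation line "split_cmdline_strerror(count));" is indented past the opening parenthesis of "die("; aligning it the way the split_cmdline() call just above is aligned would match the surrounding style.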

This made me look at split_cmdline_strerror().  It is a table lookup
into split_cmdline_errors[] in alias.c which looks like this:

    static const char *split_cmdline_errors[] = {
            N_("cmdline ends with \\"),
            N_("unclosed quote"),
            N_("too many arguments"),
    };

So the result is properly localized, but I suspect that the string
after : should not be enclosed within a pair of single quotes.

	die(_("could not split '%s': %s"), strategy_opts_string,
	    split_cmdline_strerror(count));

Other than that, nice find.

Thanks.


