builtin-show-branch.c relied on resolve_ref() to return "refs/heads/foo" if on branch foo. But if not on a branch, it returns "HEAD". Hence, `head + pfxlen' (i.e. head+11) is a memory address beyond the "HEAD" string, so that further operation leads to access of uninitialized memory. This commit fixes the bug by just not adding the "refs/heads/"-length offset. So append_one_rev() operates on "refs/heads/foo" instead of "foo", which still works. But now it also operates correctly on "HEAD". Signed-off-by: Stephan Beyer <s-beyer@xxxxxxx> --- builtin-show-branch.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/builtin-show-branch.c b/builtin-show-branch.c index 019abd3..412eba0 100644 --- a/builtin-show-branch.c +++ b/builtin-show-branch.c @@ -782,8 +782,7 @@ int cmd_show_branch(int ac, const char **av, const char *prefix) has_head++; } if (!has_head) { - int pfxlen = strlen("refs/heads/"); - append_one_rev(head + pfxlen); + append_one_rev(head); } } -- 1.5.5.1
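
Review bot: In the `if (!has_head)` block, `append_one_rev(head)` now passes the full "refs/heads/foo" name in the on-branch case where the removed lines passed "foo", and nothing in the hunk shows that the resulting output is unchanged; the commit message only asserts that it "still works". A test covering both the on-branch and the detached-HEAD case would back that up. If the short name is meant to be kept, an alternative is to skip the prefix only when `head` actually begins with "refs/heads/", which removes the out-of-bounds `head + pfxlen` for "HEAD" without changing the on-branch argument. As a style point, the braces around the now single-statement body of `if (!has_head)` can be dropped.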