There are 9 places where prefix_path is called, and only in one of
them the returned pointer was checked to be non-zero and only to
call exit(128) as it is usually done by die(). In other 8 places,
the returned value was not checked and it caused SIGSEGV when a
path outside of the working tree was used. For instance, running
git update-index --add /some/path/outside
caused SIGSEGV.
This patch changes prefix_path() to die if the path is outside of
the repository, so it never returns NULL.
Signed-off-by: Dmitry Potapov <dpotapov@xxxxxxxxx>
---
setup.c | 9 ++-------
1 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/setup.c b/setup.c
index 2e3248a..78a8041 100644
--- a/setup.c
+++ b/setup.c
@@ -110,9 +110,7 @@ const char *prefix_path(const char *prefix, int len, const char *path)
if (strncmp(sanitized, work_tree, len) ||
(sanitized[len] != '\0' && sanitized[len] != '/')) {
error_out:
- error("'%s' is outside repository", orig);
- free(sanitized);
- return NULL;
+ die("'%s' is outside repository", orig);
}
if (sanitized[len] == '/')
len++;
@@ -216,10 +214,7 @@ const char **get_pathspec(const char *prefix, const char **pathspec)
prefixlen = prefix ? strlen(prefix) : 0;
while (*src) {
const char *p = prefix_path(prefix, prefixlen, *src);
- if (p)
- *(dst++) = p;
- else
- exit(128); /* error message already given */
+ *(dst++) = p;
src++;
}
*dst = NULL;
--
1.6.0.2.445.g1198
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
