This avoids using a fixed-size buffer in fmt() for a user-supplied ref
string.
Signed-off-by: John Keeping <j...@keeping.me.uk>
---
ui-log.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/ui-log.c b/ui-log.c
index d75d7bf..606b67b 100644
--- a/ui-log.c
+++ b/ui-log.c
@@ -244,15 +244,19 @@ static void print_commit(struct commit *commit, struct
rev_info *revs)
cgit_free_commitinfo(info);
}
-static const char *disambiguate_ref(const char *ref)
+static const char *disambiguate_ref(const char *ref, int *must_free_result)
{
unsigned char sha1[20];
- const char *longref;
+ struct strbuf longref = STRBUF_INIT;
- longref = fmt("refs/heads/%s", ref);
- if (get_sha1(longref, sha1) == 0)
- return longref;
+ strbuf_addf(&longref, "refs/heads/%s", ref);
+ if (get_sha1(longref.buf, sha1) == 0) {
+ *must_free_result = 1;
+ return strbuf_detach(&longref, NULL);
+ }
+ *must_free_result = 0;
+ strbuf_release(&longref);
return ref;
}
@@ -285,6 +289,7 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char
*grep, char *pattern
struct commit *commit;
struct vector vec = VECTOR_INIT(char *);
int i, columns = commit_graph ? 4 : 3;
+ int must_free_tip = 0;
char *arg;
/* First argv is NULL */
@@ -292,7 +297,7 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char
*grep, char *pattern
if (!tip)
tip = ctx.qry.head;
- tip = disambiguate_ref(tip);
+ tip = disambiguate_ref(tip, &must_free_tip);
vector_push(&vec, &tip, 0);
if (grep && pattern && *pattern) {
@@ -430,4 +435,8 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char
*grep, char *pattern
ctx.qry.vpath, 0, NULL, NULL, ctx.qry.showmsg);
html("</td></tr>\n");
}
+
+ /* If we allocated tip then it is safe to cast away const. */
+ if (must_free_tip)
+ free((char*) tip);
}
--
1.8.2.692.g17a9715
_______________________________________________
cgit mailing list
cgit@hjemli.net
http://hjemli.net/mailman/listinfo/cgit
