check_one_conflict() compares `i` to `active_nr` in two places to avoid
buffer overruns, but left out an important third location.  This has
not previously been a problem, because existing merge strategies have
tended to not create entries at stage #1 that do not have a
corresponding entry at either stage #2 or stage #3.  However, this is
not guaranteed, so add a check to avoid segfaults.

Signed-off-by: Elijah Newren <new...@gmail.com>
---
 rerere.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rerere.c b/rerere.c
index 16c8aac621..7d22fb08c7 100644
--- a/rerere.c
+++ b/rerere.c
@@ -533,7 +533,7 @@ static int check_one_conflict(int i, int *type)
        }
 
        *type = PUNTED;
-       while (ce_stage(active_cache[i]) == 1)
+       while (i < active_nr && ce_stage(active_cache[i]) == 1)
                i++;
 
        /* Only handle regular files with both stages #2 and #3 */
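Review bot: the new bound on the `while (i < active_nr && ce_stage(active_cache[i]) == 1)` line has no regression test. The diffstat shows only rerere.c changing, so nothing exercises the case the commit message describes: an index whose last entries are at stage #1 with no following stage #2 or #3 entry. Please add a test that builds such an index and runs rerere over it, so the overrun cannot come back unnoticed. With this change the loop can also exit with `i == active_nr`. The code after the comment is outside the visible context, so it would help to state in the commit message that the two existing `active_nr` comparisons cover every later use of `active_cache[i]`.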
-- 
2.18.0.550.g44d6daf40a.dirty
