Re: [PATCH] color: protect against out-of-bounds array access/assignment

2018-08-03 Thread Eric Sunshine
On Fri, Aug 3, 2018 at 2:26 AM Jonathan Nieder wrote: > Eric Sunshine wrote: > > + if (fd < 0 || fd >= ARRAY_SIZE(want_auto)) > > + BUG("file descriptor out of range: %d", fd); > > The indentation looks wrong here. Yep, that's weird. I can't figure out how that got indented with four

Re: [PATCH] color: protect against out-of-bounds array access/assignment

2018-08-03 Thread Jonathan Nieder
Hi, Eric Sunshine wrote: > want_color_fd() is designed to work only with standard input, output, > and error file descriptors, and stores information about each descriptor > in an array. However, it doesn't verify that the passed-in descriptor > lives within that set, which, with a buggy caller,

Re: [PATCH] color: protect against out-of-bounds array access/assignment

2018-08-02 Thread Jeff King
On Thu, Aug 02, 2018 at 12:24:54PM -0700, Junio C Hamano wrote: > Eric Sunshine writes: > > > On Thu, Aug 2, 2018 at 1:37 PM Junio C Hamano wrote: > >> Johannes Schindelin writes: > >> > ACK! > >> > >> Did you write a buggy caller that would have been caught or helped > >> with this change?

Re: [PATCH] color: protect against out-of-bounds array access/assignment

2018-08-02 Thread Junio C Hamano
Eric Sunshine writes: > On Thu, Aug 2, 2018 at 1:37 PM Junio C Hamano wrote: >> Johannes Schindelin writes: >> > ACK! >> >> Did you write a buggy caller that would have been caught or helped >> with this change? You did not write the callee that is made more >> defensive with this patch, so I

Re: [PATCH] color: protect against out-of-bounds array access/assignment

2018-08-02 Thread Eric Sunshine
On Thu, Aug 2, 2018 at 1:37 PM Junio C Hamano wrote: > Johannes Schindelin writes: > > ACK! > > Did you write a buggy caller that would have been caught or helped > with this change? You did not write the callee that is made more > defensive with this patch, so I am being curious as to where

Re: [PATCH] color: protect against out-of-bounds array access/assignment

2018-08-02 Thread Junio C Hamano
Johannes Schindelin writes: > Hi Eric, > > On Thu, 2 Aug 2018, Eric Sunshine wrote: > >> want_color_fd() is designed to work only with standard input, output, >> and error file descriptors, and stores information about each descriptor >> in an array. However, it doesn't verify that the passed-in

Re: [PATCH] color: protect against out-of-bounds array access/assignment

2018-08-02 Thread Johannes Schindelin
Hi Eric, On Thu, 2 Aug 2018, Eric Sunshine wrote: > want_color_fd() is designed to work only with standard input, output, > and error file descriptors, and stores information about each descriptor > in an array. However, it doesn't verify that the passed-in descriptor > lives within that set,

[PATCH] color: protect against out-of-bounds array access/assignment

2018-08-02 Thread Eric Sunshine
want_color_fd() is designed to work only with standard input, output, and error file descriptors, and stores information about each descriptor in an array. However, it doesn't verify that the passed-in descriptor lives within that set, which, with a buggy caller, could lead to access/assignment