Junio C Hamano wrote:
> From: Jeff King
> Date: Tue, 3 Oct 2017 19:30:40 -0400
> Subject: [PATCH] path.c: fix uninitialized memory access
>
> In cleanup_path we're passing in a char array, run a memcmp on it, and
> run through it without ever checking if something is in the array
On 10/04, Junio C Hamano wrote:
> Jonathan Nieder writes:
>
> > Jeff King wrote:
> >> On Tue, Oct 03, 2017 at 03:45:01PM -0700, Jonathan Nieder wrote:
> >
> >>> In other words, an alternative fix would be
> >>>
> >>> if (*path == '.' && path[1] == '/') {
> >>>
On Wed, Oct 04, 2017 at 01:47:29PM +0900, Junio C Hamano wrote:
> Jonathan Nieder writes:
>
> > Jeff King wrote:
> >> On Tue, Oct 03, 2017 at 03:45:01PM -0700, Jonathan Nieder wrote:
> >
> >>> In other words, an alternative fix would be
> >>>
> >>> if (*path == '.' &&
Jonathan Nieder writes:
> Jeff King wrote:
>> On Tue, Oct 03, 2017 at 03:45:01PM -0700, Jonathan Nieder wrote:
>
>>> In other words, an alternative fix would be
>>>
>>> if (*path == '.' && path[1] == '/') {
>>> ...
>>> }
>>>
>>> which would not require
Jeff King wrote:
> On Tue, Oct 03, 2017 at 03:45:01PM -0700, Jonathan Nieder wrote:
>> In other words, an alternative fix would be
>>
>> if (*path == '.' && path[1] == '/') {
>> ...
>> }
>>
>> which would not require passing in 'len' or switching to index-based
>>
On Tue, Oct 03, 2017 at 03:45:01PM -0700, Jonathan Nieder wrote:
> When I first read the above, I thought it was going to be about a
> NUL-terminated string that was missing a NUL. But in fact, the issue
> is that strlen(path) can be < 2.
>
> In other words, an alternative fix would be
>
>
Hi,
Thomas Gummerer wrote:
> In cleanup_path we're passing in a char array, run a memcmp on it, and
> run through it without ever checking if something is in the array in the
> first place. This can lead us to access uninitialized memory, for
> example in t5541-http-push-smart.sh test 7, when
In cleanup_path we're passing in a char array, run a memcmp on it, and
run through it without ever checking if something is in the array in the
first place. This can lead us to access uninitialized memory, for
example in t5541-http-push-smart.sh test 7, when run under valgrind:
==4423==
8 matches
Mail list logo