| commit | d9e557a320bd4695bccad873e176562489b2d199 | |
| author | Jeff King <peff@peff.net> | |
| Tue, 14 Feb 2017 17:27:45 +0000 (14 12:27 -0500) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Tue, 14 Feb 2017 19:28:53 +0000 (14 11:28 -0800) | ||
| tree | 136c4bfc8528f19fd593f6c83d429b03ed5cfb2f | treesnapshot (tar.gz zip) |
| parent | e6a7c75298001996790059e3ae70c627b3204dd9 | commitdiff |
show-branch: store resolved head in heap buffer
We resolve HEAD and copy the result to a fixed-size buffer
with memcpy, never checking that it actually fits. This bug
dates back to 8098a178b (Add git-symbolic-ref, 2005-09-30).
Before that we used readlink(), which took a maximum buffer
size.
We can fix this by using resolve_refdup(), which duplicates
the buffer on the heap. That also lets us just check
for a NULL pointer to see if we have resolved HEAD, and
drop the extra head_p variable.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
We resolve HEAD and copy the result to a fixed-size buffer
with memcpy, never checking that it actually fits. This bug
dates back to 8098a178b (Add git-symbolic-ref, 2005-09-30).
Before that we used readlink(), which took a maximum buffer
size.
We can fix this by using resolve_refdup(), which duplicates
the buffer on the heap. That also lets us just check
for a NULL pointer to see if we have resolved HEAD, and
drop the extra head_p variable.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| builtin/show-branch.c | diffblobblamehistory |