summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Schindelin <Johannes.Schindelin@gmx.de>2006-05-02 03:31:02 +0200
committerJunio C Hamano <junkio@cox.net>2006-05-01 22:14:03 -0700
commit0111ea38cbb9db0e4e245dcd5c86198186bab197 (patch)
tree1b07e4777ce4d4db3b63d21cba3607ddd5d02993
parent7bc70a590db6ed3069d52aa38d59938e7955901b (diff)
downloadgit-0111ea38cbb9db0e4e245dcd5c86198186bab197.tar.gz
cache-tree: replace a sscanf() by two strtol() calls
On one of my systems, sscanf() first calls strlen() on the buffer. But this buffer is not terminated by NUL. So git crashed. strtol() does not share that problem, as it stops reading after the first non-digit. [jc: original patch was wrong and did not read the cache-tree structure correctly; this has been fixed up and tested minimally with fsck-objects. ] Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> Signed-off-by: Junio C Hamano <junkio@cox.net>
-rw-r--r--cache-tree.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/cache-tree.c b/cache-tree.c
index 28b78f88ef..e452238ba7 100644
--- a/cache-tree.c
+++ b/cache-tree.c
@@ -440,6 +440,8 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
{
const char *buf = *buffer;
unsigned long size = *size_p;
+ const char *cp;
+ char *ep;
struct cache_tree *it;
int i, subtree_nr;
@@ -453,7 +455,14 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
goto free_return;
buf++; size--;
it = cache_tree();
- if (sscanf(buf, "%d %d\n", &it->entry_count, &subtree_nr) != 2)
+
+ cp = buf;
+ it->entry_count = strtol(cp, &ep, 10);
+ if (cp == ep)
+ goto free_return;
+ cp = ep;
+ subtree_nr = strtol(cp, &ep, 10);
+ if (cp == ep)
goto free_return;
while (size && *buf && *buf != '\n') {
size--;