author | Johannes Schindelin <Johannes.Schindelin@gmx.de> | 2006-05-02 03:31:02 +0200 |
---|---|---|
committer | Junio C Hamano <junkio@cox.net> | 2006-05-01 22:14:03 -0700 |
commit | 0111ea38cbb9db0e4e245dcd5c86198186bab197 (patch) | |
tree | 1b07e4777ce4d4db3b63d21cba3607ddd5d02993 | |
parent | 7bc70a590db6ed3069d52aa38d59938e7955901b (diff) | |
cache-tree: replace a sscanf() by two strtol() calls
On one of my systems, sscanf() first calls strlen() on the buffer. But
this buffer is not terminated by NUL. So git crashed.
strtol() does not share that problem, as it stops reading after the
first non-digit.
[jc: original patch was wrong and did not read the cache-tree
structure correctly; this has been fixed up and tested minimally
with fsck-objects. ]
Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Junio C Hamano <junkio@cox.net>
-rw-r--r-- | cache-tree.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/cache-tree.c b/cache-tree.c
index 28b78f88ef..e452238ba7 100644
--- a/cache-tree.c
+++ b/cache-tree.c
@@ -440,6 +440,8 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
 {
 const char *buf = *buffer;
 unsigned long size = *size_p;
+ const char *cp;
+ char *ep;
 struct cache_tree *it;
 int i, subtree_nr;
 
@@ -453,7 +455,14 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
 goto free_return;
 buf++; size--;
 it = cache_tree();
- if (sscanf(buf, "%d %d\n", &it->entry_count, &subtree_nr) != 2)
+
+ cp = buf;
+ it->entry_count = strtol(cp, &ep, 10);
+ if (cp == ep)
+ goto free_return;
+ cp = ep;
+ subtree_nr = strtol(cp, &ep, 10);
+ if (cp == ep)
 goto free_return;
 while (size && *buf && *buf != '\n') {
 size--; |
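Review bot: The two strtol() calls added in the second hunk are still not bounded by `size`: strtol() skips leading whitespace (newlines included) and then consumes digits until it meets a non-digit, so on a buffer that is not NUL-terminated a truncated or corrupt cache-tree record can still be read past its end. Nothing checks that the first number is followed by a separator or that the second one stops at the '\n' the removed `"%d %d\n"` format expected, and the long results are narrowed to int without a range check. I would first locate the newline inside the remaining `size` bytes and accept only conversions that start on a digit or '-' and end where expected, as sketched below; this assumes the writer emits exactly one space between the counts, and `nl` would be a `const char *` declared next to `cp` and `ep`. read_one() begins before and continues past the hunk, so how `subtree_nr` is used afterwards is not visible here.

```c
	/* the count line must end in '\n' within the remaining `size` bytes */
	nl = memchr(buf, '\n', size);
	if (!nl)
		goto free_return;

	cp = buf;
	/* strtol() would skip leading whitespace, '\n' included */
	if (*cp != '-' && (*cp < '0' || '9' < *cp))
		goto free_return;
	it->entry_count = strtol(cp, &ep, 10);
	if (cp == ep || *ep != ' ')
		goto free_return;
	cp = ep + 1;
	if (*cp != '-' && (*cp < '0' || '9' < *cp))
		goto free_return;
	subtree_nr = strtol(cp, &ep, 10);
	if (cp == ep || ep != nl)
		goto free_return;
	/* … unchanged: while loop that advances buf to the newline … */
```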