commit -S: avoid invalid pointer with empty messagejs/sign-empty-commit-fix

While it is not recommended, fsck.c says: Not having a body is not a crime [...] ... which means that we cannot assume that the commit buffer contains an empty line to separate header from body. A commit object with only a header without any body, not even without a blank line after the header, is valid. So let's tread carefully here. strstr("\n\n") may find nothing and return NULL. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Johannes Schindelin <johannes.schindelin@gmx.de> 2016-06-29 16:14:54 +0200
committer: Junio C Hamano <gitster@pobox.com> 2016-06-29 15:07:02 -0700
commit: 3324dd8f267cb59cdd42ac33727b6844921d5017 (patch)
tree: 40bddd3eb8bb41fdd0724d4a6d24037be083a99e
parent: e46579643d56162299b1756b70d418005351b256 (diff)
download: git-js/sign-empty-commit-fix.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/commit.c b/commit.c
index d1810c940b..ee7f0cb029 100644
--- a/commit.c
+++ b/commit.c
@@ -1092,9 +1092,14 @@ static int do_sign_commit(struct strbuf *buf, const char *keyid)
 {
 	struct strbuf sig = STRBUF_INIT;
 	int inspos, copypos;
+	const char *eoh;
 
 	/* find the end of the header */
-	inspos = strstr(buf->buf, "\n\n") - buf->buf + 1;
+	eoh = strstr(buf->buf, "\n\n");
+	if (!eoh)
+		inspos = buf->len;
+	else
+		inspos = eoh - buf->buf + 1;
 
 	if (!keyid || !*keyid)
 		keyid = get_signing_key();
author	Johannes Schindelin <johannes.schindelin@gmx.de>	2016-06-29 16:14:54 +0200
committer	Junio C Hamano <gitster@pobox.com>	2016-06-29 15:07:02 -0700
commit	3324dd8f267cb59cdd42ac33727b6844921d5017 (patch)
tree	40bddd3eb8bb41fdd0724d4a6d24037be083a99e
parent	e46579643d56162299b1756b70d418005351b256 (diff)
download	git-js/sign-empty-commit-fix.tar.gz