receive-pack: do not overallocate command structure

An "update" command in the protocol exchange consists of 40-hex old object name, SP, 40-hex new object name, SP, and a refname, but the first instance is further followed by a NUL with feature requests. The command structure, which has a flex-array member that stores the refname at the end, was allocated based on the whole length of the update command, without excluding the trailing feature requests. Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Junio C Hamano <gitster@pobox.com> 2014-08-15 13:53:46 -0700
committer: Junio C Hamano <gitster@pobox.com> 2014-09-15 13:23:18 -0700
commit: 3bfcb95fa84d8bacb01a990c5bdb16df13462279 (patch)
tree: a27370615d482631499c536e030d87891e12344c
parent: aa544bfbc6eb11e4f0471f3144d3e3ac75c0e4a9 (diff)
download: git-3bfcb95fa84d8bacb01a990c5bdb16df13462279.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index f93ac454b4..1663bebaa2 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -872,10 +872,11 @@ static struct command *read_head_info(struct sha1_array *shallow)
 			if (parse_feature_request(feature_list, "quiet"))
 				quiet = 1;
 		}
-		cmd = xcalloc(1, sizeof(struct command) + len - 80);
+		cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
 		hashcpy(cmd->old_sha1, old_sha1);
 		hashcpy(cmd->new_sha1, new_sha1);
-		memcpy(cmd->ref_name, line + 82, len - 81);
+		memcpy(cmd->ref_name, refname, reflen);
+		cmd->ref_name[reflen] = '\0';
 		*p = cmd;
 		p = &cmd->next;
 	}
author	Junio C Hamano <gitster@pobox.com>	2014-08-15 13:53:46 -0700
committer	Junio C Hamano <gitster@pobox.com>	2014-09-15 13:23:18 -0700
commit	3bfcb95fa84d8bacb01a990c5bdb16df13462279 (patch)
tree	a27370615d482631499c536e030d87891e12344c
parent	aa544bfbc6eb11e4f0471f3144d3e3ac75c0e4a9 (diff)
download	git-3bfcb95fa84d8bacb01a990c5bdb16df13462279.tar.gz