diff options
author | Junio C Hamano <gitster@pobox.com> | 2016-09-26 16:09:19 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-09-26 16:09:19 -0700 |
commit | 6a67695268562f67babdb7d5195c8a43cc4015fa (patch) | |
tree | b5bbacc08e466f6de62cf2e9fd450d71ef0ea6c7 /diffcore-pickaxe.c | |
parent | 31b83f361bd962e9c5f96bf7714051d77f592af2 (diff) | |
parent | b7d36ffca02c23f545d6e098d78180e6e72dfd8d (diff) | |
download | git-6a67695268562f67babdb7d5195c8a43cc4015fa.tar.gz |
Merge branch 'js/regexec-buf'
Some codepaths in "git diff" used regexec(3) on a buffer that was
mmap(2)ed, which may not have a terminating NUL, leading to a read
beyond the end of the mapped region. This was fixed by introducing
a regexec_buf() helper that takes a <ptr,len> pair with REG_STARTEND
extension.
* js/regexec-buf:
regex: use regexec_buf()
regex: add regexec_buf() that can work on a non NUL-terminated string
regex: -G<pattern> feeds a non NUL-terminated string to regexec() and fails
Diffstat (limited to 'diffcore-pickaxe.c')
-rw-r--r-- | diffcore-pickaxe.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/diffcore-pickaxe.c b/diffcore-pickaxe.c index 55067cab6c..9795ca1c15 100644 --- a/diffcore-pickaxe.c +++ b/diffcore-pickaxe.c @@ -23,7 +23,6 @@ static void diffgrep_consume(void *priv, char *line, unsigned long len) { struct diffgrep_cb *data = priv; regmatch_t regmatch; - int hold; if (line[0] != '+' && line[0] != '-') return; @@ -33,11 +32,8 @@ static void diffgrep_consume(void *priv, char *line, unsigned long len) * caller early. */ return; - /* Yuck -- line ought to be "const char *"! */ - hold = line[len]; - line[len] = '\0'; - data->hit = !regexec(data->regexp, line + 1, 1, ®match, 0); - line[len] = hold; + data->hit = !regexec_buf(data->regexp, line + 1, len - 1, 1, + ®match, 0); } static int diff_grep(mmfile_t *one, mmfile_t *two, @@ -50,9 +46,11 @@ static int diff_grep(mmfile_t *one, mmfile_t *two, xdemitconf_t xecfg; if (!one) - return !regexec(regexp, two->ptr, 1, ®match, 0); + return !regexec_buf(regexp, two->ptr, two->size, + 1, ®match, 0); if (!two) - return !regexec(regexp, one->ptr, 1, ®match, 0); + return !regexec_buf(regexp, one->ptr, one->size, + 1, ®match, 0); /* * We have both sides; need to run textual diff and see if @@ -83,8 +81,8 @@ static unsigned int contains(mmfile_t *mf, regex_t *regexp, kwset_t kws) regmatch_t regmatch; int flags = 0; - assert(data[sz] == '\0'); - while (*data && !regexec(regexp, data, 1, ®match, flags)) { + while (*data && + !regexec_buf(regexp, data, sz, 1, ®match, flags)) { flags |= REG_NOTBOL; data += regmatch.rm_eo; if (*data && regmatch.rm_so == regmatch.rm_eo) |