From 3324dd8f267cb59cdd42ac33727b6844921d5017 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Wed, 29 Jun 2016 16:14:54 +0200
Subject: commit -S: avoid invalid pointer with empty message

While it is not recommended, fsck.c says:

	Not having a body is not a crime [...]

... which means that we cannot assume that the commit buffer
contains an empty line to separate header from body.  A commit
object with only a header without any body, not even without
a blank line after the header, is valid.

So let's tread carefully here.  strstr("\n\n") may find nothing
and return NULL.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 commit.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/commit.c b/commit.c
index d1810c940b..ee7f0cb029 100644
--- a/commit.c
+++ b/commit.c
@@ -1092,9 +1092,14 @@ static int do_sign_commit(struct strbuf *buf, const char *keyid)
 {
 	struct strbuf sig = STRBUF_INIT;
 	int inspos, copypos;
+	const char *eoh;
 
 	/* find the end of the header */
-	inspos = strstr(buf->buf, "\n\n") - buf->buf + 1;
+	eoh = strstr(buf->buf, "\n\n");
+	if (!eoh)
+		inspos = buf->len;
+	else
+		inspos = eoh - buf->buf + 1;
 
 	if (!keyid || !*keyid)
 		keyid = get_signing_key();
-- 
cgit v1.2.1