From 48e510b6a29b1066016cbbee75c0b196174a88d4 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Mon, 16 Apr 2012 17:20:02 +0200 Subject: diff: avoid stack-buffer-read-overrun for very long name Due to the use of strncpy without explicit NUL termination, we could end up passing names n1 or n2 that are not NUL-terminated to queue_diff, which requires NUL-terminated strings. Ensure that each is NUL terminated. Signed-off-by: Jim Meyering Signed-off-by: Junio C Hamano --- diff-no-index.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/diff-no-index.c b/diff-no-index.c index 3a36144687..5cd3ff5848 100644 --- a/diff-no-index.c +++ b/diff-no-index.c @@ -109,6 +109,7 @@ static int queue_diff(struct diff_options *o, n1 = buffer1; strncpy(buffer1 + len1, p1.items[i1++].string, PATH_MAX - len1); + buffer1[PATH_MAX-1] = 0; } if (comp < 0) @@ -117,6 +118,7 @@ static int queue_diff(struct diff_options *o, n2 = buffer2; strncpy(buffer2 + len2, p2.items[i2++].string, PATH_MAX - len2); + buffer2[PATH_MAX-1] = 0; } ret = queue_diff(o, n1, n2); -- cgit v1.2.1