diff options
author | Patrick Steinhardt <ps@pks.im> | 2016-03-01 15:35:45 +0100 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2016-03-11 12:14:01 +0100 |
commit | 61d7328dc373e80db17fbebe36fb11b32efc047a (patch) | |
tree | 18ce1d8964219281df8bc99ff232393a2050bbd4 | |
parent | e126bc95cd296767ae6c372abb3d4c87ca359a57 (diff) | |
download | libgit2-61d7328dc373e80db17fbebe36fb11b32efc047a.tar.gz |
object: avoid call of memset with ouf of bounds pointer
When computing a short OID we do this by first copying the
leading parts into the new OID structure and then setting the
trailing part to zero. In the case of the desired length being
`GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds
pointer and a length of 0. While this seems to cause no problems
for common platforms the C89 standard does not explicitly state
that calling `memset` with an out of bounds pointer and
length of 0 is valid.
Fix the potential issue by using the newly introduced
`git_oid__cpy_prefix` function.
-rw-r--r-- | src/object.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/src/object.c b/src/object.c index ebf77fb47..1d45f9f1b 100644 --- a/src/object.c +++ b/src/object.c @@ -12,6 +12,7 @@ #include "commit.h" #include "tree.h" #include "blob.h" +#include "oid.h" #include "tag.h" bool git_object__strict_input_validation = true; @@ -166,13 +167,9 @@ int git_object_lookup_prefix( error = git_odb_read(&odb_obj, odb, id); } } else { - git_oid short_oid; + git_oid short_oid = {{ 0 }}; - /* We copy the first len*4 bits from id and fill the remaining with 0s */ - memcpy(short_oid.id, id->id, (len + 1) / 2); - if (len % 2) - short_oid.id[len / 2] &= 0xF0; - memset(short_oid.id + (len + 1) / 2, 0, (GIT_OID_HEXSZ - len) / 2); + git_oid__cpy_prefix(&short_oid, id, len); /* If len < GIT_OID_HEXSZ (a strict short oid was given), we have * 2 options : |