diff options
author | Patrick Steinhardt <ps@pks.im> | 2016-03-01 19:11:33 +0100 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2016-03-11 12:14:02 +0100 |
commit | 486302d6af009d8c62fa1bd1d5b1ff2b36c31189 (patch) | |
tree | ba09b25de016275696948becdae15d22dda552a6 | |
parent | 3fe5768b061f319a4f8fa55c25614a31767d2208 (diff) | |
download | libgit2-486302d6af009d8c62fa1bd1d5b1ff2b36c31189.tar.gz |
submodule: avoid passing NULL pointers to strncmp
In C89 it is undefined behavior to pass `NULL` pointers to
`strncmp` and later on in C99 it has been explicitly stated that
functions with an argument declared as `size_t nmemb` specifying
the array length shall always have valid parameters, no matter if
`nmemb` is 0 or not (see ISO 9899 ยง7.21.1.2).
The function `str_equal_no_trailing_slash` always passes its
parameters to `strncmp` if their lengths match. This means if one
parameter is `NULL` and the other one either `NULL` or a string
with length 0 we will pass the pointers to `strncmp` and cause
undefined behavior.
Fix this by explicitly handling the case when both lengths are 0.
-rw-r--r-- | src/submodule.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/submodule.c b/src/submodule.c index 38db41529..3f39b9ef0 100644 --- a/src/submodule.c +++ b/src/submodule.c @@ -80,7 +80,8 @@ static kh_inline int str_equal_no_trailing_slash(const char *a, const char *b) if (blen > 0 && b[blen - 1] == '/') blen--; - return (alen == blen && strncmp(a, b, alen) == 0); + return (alen == 0 && blen == 0) || + (alen == blen && strncmp(a, b, alen) == 0); } __KHASH_IMPL( |