raw | patch | inline | side by side (parent: 7bc70a5)
author | Johannes Schindelin <Johannes.Schindelin@gmx.de> | Tue, 2 May 2006 01:31:02 +0000 (03:31 +0200)
committer | Junio C Hamano <junkio@cox.net> | Tue, 2 May 2006 05:14:03 +0000 (22:14 -0700)
On one of my systems, sscanf() first calls strlen() on the buffer. But
this buffer is not terminated by NUL. So git crashed.
strtol() does not share that problem, as it stops reading after the
first non-digit.
[jc: original patch was wrong and did not read the cache-tree
structure correctly; this has been fixed up and tested minimally
with fsck-objects. ]
Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Junio C Hamano <junkio@cox.net>
diff --git a/cache-tree.c b/cache-tree.c
index 28b78f88effe9ea766ff780fc948592c5fab51bf..e452238ba7db47c08bd732dd425cb3be4c8bd73d 100644 (file)
--- a/cache-tree.c
+++ b/cache-tree.c
{
const char *buf = *buffer;
unsigned long size = *size_p;
+ const char *cp;
+ char *ep;
struct cache_tree *it;
int i, subtree_nr;
goto free_return;
buf++; size--;
it = cache_tree();
- if (sscanf(buf, "%d %d\n", &it->entry_count, &subtree_nr) != 2)
+
+ cp = buf;
+ it->entry_count = strtol(cp, &ep, 10);
+ if (cp == ep)
+ goto free_return;
+ cp = ep;
+ subtree_nr = strtol(cp, &ep, 10);
+ if (cp == ep)
goto free_return;
while (size && *buf && *buf != '\n') {
size--;
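Review bot: the two strtol() calls that replace sscanf() are still not bounded by `size`. The commit message says this buffer is not NUL-terminated, so if the record's digits or leading whitespace run up to the end of the buffer, strtol() keeps reading past it; nothing in the added lines compares `ep` with `buf + size`. Suggest checking after each call that `ep` is still within `buf + size` and failing with `goto free_return` otherwise, or parsing the digits by hand under the `size` limit the way the following `while (size && *buf && *buf != '\n')` loop walks the line. Separately, strtol() returns a long that is stored into `it->entry_count` and `subtree_nr` (both int, per the old `%d` conversions) without a range check, so an oversized value in the file is silently truncated and still passes the `cp == ep` test.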