pp_header(): work around possible memory corruption

add_user_info() possibly adds way more than just the commit header line.
In fact, it sometimes needs so much more space that there is a buffer
overrun, leading to an ugly crash. For example, the date is printed in its
own line, and usually takes up more space than the equivalent Unix epoch.

So, for good measure, add 80 characters (a full line) to the allocated
space, in addition to the header line length.

Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/commit.c b/commit.c
index 40c87a7471ba3520d5543fa07280c9277a832672..dbb28b593f3b3b723a619882f1a0b11f124c1807 100644 (file)
--- a/commit.c
+++ b/commit.c
@@ -997,7 +997,7 @@ static void pp_header(enum cmit_fmt fmt,
                        len = linelen;
                        if (fmt == CMIT_FMT_EMAIL)
                                len = bound_rfc2047(linelen, encoding);
-                       ALLOC_GROW(*buf_p, *ofs_p + len, *space_p);
+                       ALLOC_GROW(*buf_p, *ofs_p + len + 80, *space_p);
                        dst = *buf_p + *ofs_p;
                        *ofs_p += add_user_info("Author", fmt, dst,
                                                line + 7, dmode, encoding);
@@ -1008,7 +1008,7 @@ static void pp_header(enum cmit_fmt fmt,
                        len = linelen;
                        if (fmt == CMIT_FMT_EMAIL)
                                len = bound_rfc2047(linelen, encoding);
-                       ALLOC_GROW(*buf_p, *ofs_p + len, *space_p);
+                       ALLOC_GROW(*buf_p, *ofs_p + len + 80, *space_p);
                        dst = *buf_p + *ofs_p;
                        *ofs_p += add_user_info("Commit", fmt, dst,
                                                line + 10, dmode, encoding);