[tokkee]

tokkee.org

Code

projects / git.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 64da6e2)
sha1_name: fix segfault caused by invalid index access
authorMarkus Heidelberg <markus.heidelberg@web.de>
Sun, 28 Feb 2010 15:49:15 +0000 (16:49 +0100)
committerJunio C Hamano <gitster@pobox.com>
Sun, 28 Feb 2010 18:32:06 +0000 (10:32 -0800)
The code to see if user input "git show :path" makes sense tried to access
the index without properly checking the array bound.

Signed-off-by: Markus Heidelberg <markus.heidelberg@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
sha1_name.c patch | blob | history

diff --git a/sha1_name.c b/sha1_name.c
index 43884c69b350426b46ed73ffcfd5fc29cf1da1b1..bf924178380c42a50b2fd7a02ff869dcc3ddff6a 100644 (file)
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -992,13 +992,15 @@ static void diagnose_invalid_index_path(int stage,
        pos = cache_name_pos(filename, namelen);
        if (pos < 0)
                pos = -pos - 1;
-       ce = active_cache[pos];
-       if (ce_namelen(ce) == namelen &&
-           !memcmp(ce->name, filename, namelen))
-               die("Path '%s' is in the index, but not at stage %d.\n"
-                   "Did you mean ':%d:%s'?",
-                   filename, stage,
-                   ce_stage(ce), filename);
+       if (pos < active_nr) {
+               ce = active_cache[pos];
+               if (ce_namelen(ce) == namelen &&
+                   !memcmp(ce->name, filename, namelen))
+                       die("Path '%s' is in the index, but not at stage %d.\n"
+                           "Did you mean ':%d:%s'?",
+                           filename, stage,
+                           ce_stage(ce), filename);
+       }
 
        /* Confusion between relative and absolute filenames? */
        fullnamelen = namelen + strlen(prefix);
@@ -1008,13 +1010,15 @@ static void diagnose_invalid_index_path(int stage,
        pos = cache_name_pos(fullname, fullnamelen);
        if (pos < 0)
                pos = -pos - 1;
-       ce = active_cache[pos];
-       if (ce_namelen(ce) == fullnamelen &&
-           !memcmp(ce->name, fullname, fullnamelen))
-               die("Path '%s' is in the index, but not '%s'.\n"
-                   "Did you mean ':%d:%s'?",
-                   fullname, filename,
-                   ce_stage(ce), fullname);
+       if (pos < active_nr) {
+               ce = active_cache[pos];
+               if (ce_namelen(ce) == fullnamelen &&
+                   !memcmp(ce->name, fullname, fullnamelen))
+                       die("Path '%s' is in the index, but not '%s'.\n"
+                           "Did you mean ':%d:%s'?",
+                           fullname, filename,
+                           ce_stage(ce), fullname);
+       }
 
        if (!lstat(filename, &st))
                die("Path '%s' exists on disk, but not in the index.", filename);
Git - the stupid content tracker