convert: Safer handling of $Id$ contraction.

The code to contract $Id:xxxxx$ strings could eat an arbitrary amount
of source text if the terminating $ was lost. It now refuses to
contract $Id:xxxxx$ strings spanning multiple lines.

Signed-off-by: Henrik Grubbström <grubba@grubba.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/convert.c b/convert.c
index 4f8fcb7bbb00b66f1eaa354119784e6ef57e1eb4..239fa0ab959c938ce2e3cd5c5a0888c00631dc7c 100644 (file)
--- a/convert.c
+++ b/convert.c
@@ -425,6 +425,8 @@ static int count_ident(const char *cp, unsigned long size)
                                cnt++;
                                break;
                        }
+                       if (ch == '\n')
+                               break;
                }
        }
        return cnt;
@@ -455,6 +457,11 @@ static int ident_to_git(const char *path, const char *src, size_t len,
                        dollar = memchr(src + 3, '$', len - 3);
                        if (!dollar)
                                break;
+                       if (memchr(src + 3, '\n', dollar - src - 3)) {
+                               /* Line break before the next dollar. */
+                               continue;
+                       }
+
                        memcpy(dst, "Id$", 3);
                        dst += 3;
                        len -= dollar + 1 - src;
@@ -514,6 +521,11 @@ static int ident_to_worktree(const char *path, const char *src, size_t len,
                                break;
                        }
 
+                       if (memchr(src + 3, '\n', dollar - src - 3)) {
+                               /* Line break before the next dollar. */
+                               continue;
+                       }
+
                        len -= dollar + 1 - src;
                        src  = dollar + 1;
                } else {

diff --git a/t/t0021-conversion.sh b/t/t0021-conversion.sh
index 6cb8d60ea2649495c0e3c8bbb8b7cc75c36799b7..29438c59b98a9265760738af0d95a59c70cd5edf 100755 (executable)
--- a/t/t0021-conversion.sh
+++ b/t/t0021-conversion.sh
@@ -65,17 +65,21 @@ test_expect_success expanded_in_repo '
                echo "\$Id:NoSpaceAtFront \$"
                echo "\$Id:NoSpaceAtEitherEnd\$"
                echo "\$Id: NoTerminatingSymbol"
+               echo "\$Id: Foreign Commit With Spaces \$"
+               echo "\$Id: NoTerminatingSymbolAtEOF"
        } > expanded-keywords &&
 
        {
                echo "File with expanded keywords"
-               echo "\$Id: 4f21723e7b15065df7de95bd46c8ba6fb1818f4c \$"
-               echo "\$Id: 4f21723e7b15065df7de95bd46c8ba6fb1818f4c \$"
-               echo "\$Id: 4f21723e7b15065df7de95bd46c8ba6fb1818f4c \$"
-               echo "\$Id: 4f21723e7b15065df7de95bd46c8ba6fb1818f4c \$"
-               echo "\$Id: 4f21723e7b15065df7de95bd46c8ba6fb1818f4c \$"
-               echo "\$Id: 4f21723e7b15065df7de95bd46c8ba6fb1818f4c \$"
+               echo "\$Id: fd0478f5f1486f3d5177d4c3f6eb2765e8fc56b9 \$"
+               echo "\$Id: fd0478f5f1486f3d5177d4c3f6eb2765e8fc56b9 \$"
+               echo "\$Id: fd0478f5f1486f3d5177d4c3f6eb2765e8fc56b9 \$"
+               echo "\$Id: fd0478f5f1486f3d5177d4c3f6eb2765e8fc56b9 \$"
+               echo "\$Id: fd0478f5f1486f3d5177d4c3f6eb2765e8fc56b9 \$"
+               echo "\$Id: fd0478f5f1486f3d5177d4c3f6eb2765e8fc56b9 \$"
                echo "\$Id: NoTerminatingSymbol"
+               echo "\$Id: fd0478f5f1486f3d5177d4c3f6eb2765e8fc56b9 \$"
+               echo "\$Id: NoTerminatingSymbolAtEOF"
        } > expected-output &&
 
        git add expanded-keywords &&