From: Jeff King Date: Thu, 8 Dec 2011 10:25:54 +0000 (-0500) Subject: blame: don't overflow time buffer X-Git-Tag: v1.7.6.5~4 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=c3ea051544cb1d98a5ae7f64d077084a9a5db5c1;p=git.git blame: don't overflow time buffer When showing the raw timestamp, we format the numeric seconds-since-epoch into a buffer, followed by the timezone string. This string has come straight from the commit object. A well-formed object should have a timezone string of only a few bytes, but we could be operating on data pushed by a malicious user. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- diff --git a/builtin/blame.c b/builtin/blame.c index 26a5d424b..3e1f7e1e4 100644 --- a/builtin/blame.c +++ b/builtin/blame.c @@ -1598,7 +1598,7 @@ static const char *format_time(unsigned long time, const char *tz_str, int tz; if (show_raw_time) { - sprintf(time_buf, "%lu %s", time, tz_str); + snprintf(time_buf, sizeof(time_buf), "%lu %s", time, tz_str); } else { tz = atoi(tz_str);