Code

blame: don't overflow time buffer
authorJeff King <peff@peff.net>
Thu, 8 Dec 2011 10:25:54 +0000 (05:25 -0500)
committerJunio C Hamano <gitster@pobox.com>
Wed, 14 Dec 2011 05:09:06 +0000 (21:09 -0800)
commitc3ea051544cb1d98a5ae7f64d077084a9a5db5c1
tree949d8dc8bed5d4647af0f41ac37b462f4c1163e5
parentc2857fb8b7903b2bba9217310971e5282549174d
blame: don't overflow time buffer

When showing the raw timestamp, we format the numeric
seconds-since-epoch into a buffer, followed by the timezone
string. This string has come straight from the commit
object. A well-formed object should have a timezone string
of only a few bytes, but we could be operating on data
pushed by a malicious user.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin/blame.c