Don't access line[-1] for a zero-length "line" from fgets.

A NUL byte at beginning of file, or just after a newline
would provoke an invalid buf[-1] access in a few places.

* builtin-grep.c (cmd_grep): Don't access buf[-1].
* builtin-pack-objects.c (get_object_list): Likewise.
* builtin-rev-list.c (read_revisions_from_stdin): Likewise.
* bundle.c (read_bundle_header): Likewise.
* server-info.c (read_pack_info_file): Likewise.
* transport.c (insert_packed_refs): Likewise.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/builtin-grep.c b/builtin-grep.c
index f1ff8dc556ce6caa1cafe77be41396dd9b7c9ee6..0d6cc7361f6e1a70e4d3d9e24913d60e8ceb9e58 100644 (file)
--- a/builtin-grep.c
+++ b/builtin-grep.c
@@ -644,7 +644,7 @@ int cmd_grep(int argc, const char **argv, const char *prefix)
                                die("'%s': %s", argv[1], strerror(errno));
                        while (fgets(buf, sizeof(buf), patterns)) {
                                int len = strlen(buf);
-                               if (buf[len-1] == '\n')
+                               if (len && buf[len-1] == '\n')
                                        buf[len-1] = 0;
                                /* ignore empty line like grep does */
                                if (!buf[0])

diff --git a/builtin-pack-objects.c b/builtin-pack-objects.c
index e0ce114be7f65307da96bc620d5fb8902b793c73..a39cb82c9beb5c44f59c459bfc6ac384b42b6b3c 100644 (file)
--- a/builtin-pack-objects.c
+++ b/builtin-pack-objects.c
@@ -2013,7 +2013,7 @@ static void get_object_list(int ac, const char **av)
 
        while (fgets(line, sizeof(line), stdin) != NULL) {
                int len = strlen(line);
-               if (line[len - 1] == '\n')
+               if (len && line[len - 1] == '\n')
                        line[--len] = 0;
                if (!len)
                        break;

diff --git a/builtin-rev-list.c b/builtin-rev-list.c
index 1cb5f67119a37b8490c76f4846372ba28a316fbf..de80158fd4762aa692193edb7c0f8e85e6189877 100644 (file)
--- a/builtin-rev-list.c
+++ b/builtin-rev-list.c
@@ -520,7 +520,7 @@ static void read_revisions_from_stdin(struct rev_info *revs)
 
        while (fgets(line, sizeof(line), stdin) != NULL) {
                int len = strlen(line);
-               if (line[len - 1] == '\n')
+               if (len && line[len - 1] == '\n')
                        line[--len] = 0;
                if (!len)
                        break;

diff --git a/bundle.c b/bundle.c
index 9b9b9166df05e984dc571462f333aeaee9cdcd23..be204d8a228ab5218a603cdcf3ebd17e95ad8d90 100644 (file)
--- a/bundle.c
+++ b/bundle.c
@@ -48,7 +48,7 @@ int read_bundle_header(const char *path, struct bundle_header *header)
                        : &header->references;
                char delim;
 
-               if (buffer[len - 1] == '\n')
+               if (len && buffer[len - 1] == '\n')
                        buffer[len - 1] = '\0';
                if (get_sha1_hex(buffer + offset, sha1)) {
                        warning("unrecognized header: %s", buffer);

diff --git a/server-info.c b/server-info.c
index a051e49a9ea2f605bdc278394de731ff4c55e627..c1c073b2f05a48772a45602cdc711eef6e211695 100644 (file)
--- a/server-info.c
+++ b/server-info.c
@@ -101,7 +101,7 @@ static int read_pack_info_file(const char *infofile)
 
        while (fgets(line, sizeof(line), fp)) {
                int len = strlen(line);
-               if (line[len-1] == '\n')
+               if (len && line[len-1] == '\n')
                        line[--len] = 0;
 
                if (!len)

diff --git a/transport.c b/transport.c
index 4e151a9e878b402fd0b70c31057b9bcfcff7d9b7..babaa21398522939076151f1c240a4f18f9a90a1 100644 (file)
--- a/transport.c
+++ b/transport.c
@@ -118,7 +118,7 @@ static void insert_packed_refs(const char *packed_refs, struct ref **list)
                if (hexval(buffer[0]) > 0xf)
                        continue;
                len = strlen(buffer);
-               if (buffer[len - 1] == '\n')
+               if (len && buffer[len - 1] == '\n')
                        buffer[--len] = '\0';
                if (len < 41)
                        continue;