From 872c930dcb048c1a2b50e6ce881c521dcee15e23 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Fri, 4 Jan 2008 18:37:41 +0100 Subject: [PATCH] Don't access line[-1] for a zero-length "line" from fgets. A NUL byte at beginning of file, or just after a newline would provoke an invalid buf[-1] access in a few places. * builtin-grep.c (cmd_grep): Don't access buf[-1]. * builtin-pack-objects.c (get_object_list): Likewise. * builtin-rev-list.c (read_revisions_from_stdin): Likewise. * bundle.c (read_bundle_header): Likewise. * server-info.c (read_pack_info_file): Likewise. * transport.c (insert_packed_refs): Likewise. Signed-off-by: Jim Meyering Signed-off-by: Junio C Hamano --- builtin-grep.c | 2 +- builtin-pack-objects.c | 2 +- builtin-rev-list.c | 2 +- bundle.c | 2 +- server-info.c | 2 +- transport.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/builtin-grep.c b/builtin-grep.c index f1ff8dc556..0d6cc7361f 100644 --- a/builtin-grep.c +++ b/builtin-grep.c @@ -644,7 +644,7 @@ int cmd_grep(int argc, const char **argv, const char *prefix) die("'%s': %s", argv[1], strerror(errno)); while (fgets(buf, sizeof(buf), patterns)) { int len = strlen(buf); - if (buf[len-1] == '\n') + if (len && buf[len-1] == '\n') buf[len-1] = 0; /* ignore empty line like grep does */ if (!buf[0]) diff --git a/builtin-pack-objects.c b/builtin-pack-objects.c index e0ce114be7..a39cb82c9b 100644 --- a/builtin-pack-objects.c +++ b/builtin-pack-objects.c @@ -2013,7 +2013,7 @@ static void get_object_list(int ac, const char **av) while (fgets(line, sizeof(line), stdin) != NULL) { int len = strlen(line); - if (line[len - 1] == '\n') + if (len && line[len - 1] == '\n') line[--len] = 0; if (!len) break; diff --git a/builtin-rev-list.c b/builtin-rev-list.c index 1cb5f67119..de80158fd4 100644 --- a/builtin-rev-list.c +++ b/builtin-rev-list.c @@ -520,7 +520,7 @@ static void read_revisions_from_stdin(struct rev_info *revs) while (fgets(line, sizeof(line), stdin) != NULL) { int len = strlen(line); - if (line[len - 1] == '\n') + if (len && line[len - 1] == '\n') line[--len] = 0; if (!len) break; diff --git a/bundle.c b/bundle.c index 9b9b9166df..be204d8a22 100644 --- a/bundle.c +++ b/bundle.c @@ -48,7 +48,7 @@ int read_bundle_header(const char *path, struct bundle_header *header) : &header->references; char delim; - if (buffer[len - 1] == '\n') + if (len && buffer[len - 1] == '\n') buffer[len - 1] = '\0'; if (get_sha1_hex(buffer + offset, sha1)) { warning("unrecognized header: %s", buffer); diff --git a/server-info.c b/server-info.c index a051e49a9e..c1c073b2f0 100644 --- a/server-info.c +++ b/server-info.c @@ -101,7 +101,7 @@ static int read_pack_info_file(const char *infofile) while (fgets(line, sizeof(line), fp)) { int len = strlen(line); - if (line[len-1] == '\n') + if (len && line[len-1] == '\n') line[--len] = 0; if (!len) diff --git a/transport.c b/transport.c index 4e151a9e87..babaa21398 100644 --- a/transport.c +++ b/transport.c @@ -118,7 +118,7 @@ static void insert_packed_refs(const char *packed_refs, struct ref **list) if (hexval(buffer[0]) > 0xf) continue; len = strlen(buffer); - if (buffer[len - 1] == '\n') + if (len && buffer[len - 1] == '\n') buffer[--len] = '\0'; if (len < 41) continue;