From 0111ea38cbb9db0e4e245dcd5c86198186bab197 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Date: Tue, 2 May 2006 03:31:02 +0200
Subject: [PATCH 1/2] cache-tree: replace a sscanf() by two strtol() calls

On one of my systems, sscanf() first calls strlen() on the buffer. But
this buffer is not terminated by NUL. So git crashed.

strtol() does not share that problem, as it stops reading after the
first non-digit.

[jc: original patch was wrong and did not read the cache-tree
 structure correctly; this has been fixed up and tested minimally
 with fsck-objects. ]

Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 cache-tree.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/cache-tree.c b/cache-tree.c
index 28b78f88ef..e452238ba7 100644
--- a/cache-tree.c
+++ b/cache-tree.c
@@ -440,6 +440,8 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
 {
 	const char *buf = *buffer;
 	unsigned long size = *size_p;
+	const char *cp;
+	char *ep;
 	struct cache_tree *it;
 	int i, subtree_nr;
 
@@ -453,7 +455,14 @@ static struct cache_tree *read_one(const char **buffer, unsigned long *size_p)
 		goto free_return;
 	buf++; size--;
 	it = cache_tree();
-	if (sscanf(buf, "%d %d\n", &it->entry_count, &subtree_nr) != 2)
+
+	cp = buf;
+	it->entry_count = strtol(cp, &ep, 10);
+	if (cp == ep)
+		goto free_return;
+	cp = ep;
+	subtree_nr = strtol(cp, &ep, 10);
+	if (cp == ep)
 		goto free_return;
 	while (size && *buf && *buf != '\n') {
 		size--;

From cdc08b33ef3da0e963f9956e4a66f67cc3330f83 Mon Sep 17 00:00:00 2001
From: Junio C Hamano <junkio@cox.net>
Date: Mon, 1 May 2006 22:15:54 -0700
Subject: [PATCH 2/2] fsck-objects: mark objects reachable from cache-tree

When fsck-objects scanned cache-tree, it forgot to mark the
trees it found reachable and in use.

Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 fsck-objects.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fsck-objects.c b/fsck-objects.c
index cc09143a92..98421aab30 100644
--- a/fsck-objects.c
+++ b/fsck-objects.c
@@ -446,6 +446,8 @@ static int fsck_cache_tree(struct cache_tree *it)
 
 	if (0 <= it->entry_count) {
 		struct object *obj = parse_object(it->sha1);
+		mark_reachable(obj, REACHABLE);
+		obj->used = 1;
 		if (obj->type != tree_type)
 			err |= objerror(obj, "non-tree in cache-tree");
 	}