aboutsummaryrefslogtreecommitdiff
path: root/xdiff-interface.c
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2016-09-26 16:09:19 -0700
committerJunio C Hamano <gitster@pobox.com>2016-09-26 16:09:19 -0700
commit6a67695268562f67babdb7d5195c8a43cc4015fa (patch)
treeb5bbacc08e466f6de62cf2e9fd450d71ef0ea6c7 /xdiff-interface.c
parent31b83f361bd962e9c5f96bf7714051d77f592af2 (diff)
parentb7d36ffca02c23f545d6e098d78180e6e72dfd8d (diff)
downloadgit-6a67695268562f67babdb7d5195c8a43cc4015fa.tar.gz
git-6a67695268562f67babdb7d5195c8a43cc4015fa.tar.xz
Merge branch 'js/regexec-buf'
Some codepaths in "git diff" used regexec(3) on a buffer that was mmap(2)ed, which may not have a terminating NUL, leading to a read beyond the end of the mapped region. This was fixed by introducing a regexec_buf() helper that takes a <ptr,len> pair with REG_STARTEND extension. * js/regexec-buf: regex: use regexec_buf() regex: add regexec_buf() that can work on a non NUL-terminated string regex: -G<pattern> feeds a non NUL-terminated string to regexec() and fails
Diffstat (limited to 'xdiff-interface.c')
-rw-r--r--xdiff-interface.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/xdiff-interface.c b/xdiff-interface.c
index 3bfc69cad..060038c2d 100644
--- a/xdiff-interface.c
+++ b/xdiff-interface.c
@@ -214,11 +214,10 @@ struct ff_regs {
static long ff_regexp(const char *line, long len,
char *buffer, long buffer_size, void *priv)
{
- char *line_buffer;
struct ff_regs *regs = priv;
regmatch_t pmatch[2];
int i;
- int result = -1;
+ int result;
/* Exclude terminating newline (and cr) from matching */
if (len > 0 && line[len-1] == '\n') {
@@ -228,18 +227,16 @@ static long ff_regexp(const char *line, long len,
len--;
}
- line_buffer = xstrndup(line, len); /* make NUL terminated */
-
for (i = 0; i < regs->nr; i++) {
struct ff_reg *reg = regs->array + i;
- if (!regexec(&reg->re, line_buffer, 2, pmatch, 0)) {
+ if (!regexec_buf(&reg->re, line, len, 2, pmatch, 0)) {
if (reg->negate)
- goto fail;
+ return -1;
break;
}
}
if (regs->nr <= i)
- goto fail;
+ return -1;
i = pmatch[1].rm_so >= 0 ? 1 : 0;
line += pmatch[i].rm_so;
result = pmatch[i].rm_eo - pmatch[i].rm_so;
@@ -248,8 +245,6 @@ static long ff_regexp(const char *line, long len,
while (result > 0 && (isspace(line[result - 1])))
result--;
memcpy(buffer, line, result);
- fail:
- free(line_buffer);
return result;
}