diff options
author | Junio C Hamano <gitster@pobox.com> | 2016-09-26 16:09:19 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-09-26 16:09:19 -0700 |
commit | 6a67695268562f67babdb7d5195c8a43cc4015fa (patch) | |
tree | b5bbacc08e466f6de62cf2e9fd450d71ef0ea6c7 /xdiff-interface.c | |
parent | 31b83f361bd962e9c5f96bf7714051d77f592af2 (diff) | |
parent | b7d36ffca02c23f545d6e098d78180e6e72dfd8d (diff) | |
download | git-6a67695268562f67babdb7d5195c8a43cc4015fa.tar.gz git-6a67695268562f67babdb7d5195c8a43cc4015fa.tar.xz |
Merge branch 'js/regexec-buf'
Some codepaths in "git diff" used regexec(3) on a buffer that was
mmap(2)ed, which may not have a terminating NUL, leading to a read
beyond the end of the mapped region. This was fixed by introducing
a regexec_buf() helper that takes a <ptr,len> pair with REG_STARTEND
extension.
* js/regexec-buf:
regex: use regexec_buf()
regex: add regexec_buf() that can work on a non NUL-terminated string
regex: -G<pattern> feeds a non NUL-terminated string to regexec() and fails
Diffstat (limited to 'xdiff-interface.c')
-rw-r--r-- | xdiff-interface.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/xdiff-interface.c b/xdiff-interface.c index 3bfc69cad..060038c2d 100644 --- a/xdiff-interface.c +++ b/xdiff-interface.c @@ -214,11 +214,10 @@ struct ff_regs { static long ff_regexp(const char *line, long len, char *buffer, long buffer_size, void *priv) { - char *line_buffer; struct ff_regs *regs = priv; regmatch_t pmatch[2]; int i; - int result = -1; + int result; /* Exclude terminating newline (and cr) from matching */ if (len > 0 && line[len-1] == '\n') { @@ -228,18 +227,16 @@ static long ff_regexp(const char *line, long len, len--; } - line_buffer = xstrndup(line, len); /* make NUL terminated */ - for (i = 0; i < regs->nr; i++) { struct ff_reg *reg = regs->array + i; - if (!regexec(®->re, line_buffer, 2, pmatch, 0)) { + if (!regexec_buf(®->re, line, len, 2, pmatch, 0)) { if (reg->negate) - goto fail; + return -1; break; } } if (regs->nr <= i) - goto fail; + return -1; i = pmatch[1].rm_so >= 0 ? 1 : 0; line += pmatch[i].rm_so; result = pmatch[i].rm_eo - pmatch[i].rm_so; @@ -248,8 +245,6 @@ static long ff_regexp(const char *line, long len, while (result > 0 && (isspace(line[result - 1]))) result--; memcpy(buffer, line, result); - fail: - free(line_buffer); return result; } |