From 772e47cd673e048adb0f7b663617ec70e0cfe598 Mon Sep 17 00:00:00 2001 From: Andrew Wong Date: Thu, 7 Mar 2013 11:36:03 -0500 Subject: setup.c: stop prefix_pathspec() from looping past the end of string The code assumes that the string ends at either `)` or `,`, and does not handle the case where strcspn() returns length due to end of string. So specifying ":(top" as pathspec will cause the loop to go past the end of string. Signed-off-by: Andrew Wong Signed-off-by: Junio C Hamano --- setup.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'setup.c') diff --git a/setup.c b/setup.c index 3a1b2fd45..e61458a7d 100644 --- a/setup.c +++ b/setup.c @@ -199,10 +199,11 @@ static const char *prefix_pathspec(const char *prefix, int prefixlen, const char *copyfrom && *copyfrom != ')'; copyfrom = nextat) { size_t len = strcspn(copyfrom, ",)"); - if (copyfrom[len] == ')') - nextat = copyfrom + len; - else + if (copyfrom[len] == ',') nextat = copyfrom + len + 1; + else + /* handle ')' and '\0' */ + nextat = copyfrom + len; if (!len) continue; for (i = 0; i < ARRAY_SIZE(pathspec_magic); i++) -- cgit v1.2.1 From f612a67eac32d73d781503d39077371977d46eae Mon Sep 17 00:00:00 2001 From: Andrew Wong Date: Sat, 9 Mar 2013 18:46:00 -0500 Subject: setup.c: check that the pathspec magic ends with ")" The previous code did not diagnose an incorrectly spelled ":(top" as an error. Signed-off-by: Andrew Wong Signed-off-by: Junio C Hamano --- setup.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'setup.c') diff --git a/setup.c b/setup.c index e61458a7d..da0d8c80b 100644 --- a/setup.c +++ b/setup.c @@ -216,8 +216,9 @@ static const char *prefix_pathspec(const char *prefix, int prefixlen, const char die("Invalid pathspec magic '%.*s' in '%s'", (int) len, copyfrom, elt); } - if (*copyfrom == ')') - copyfrom++; + if (*copyfrom != ')') + die("Missing ')' at the end of pathspec magic in '%s'", elt); + copyfrom++; } else { /* shorthand */ for (copyfrom = elt + 1; -- cgit v1.2.1