diff options
| author | Jeff King <peff@peff.net> | 2025-11-18 04:12:20 -0500 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2025-11-18 09:36:11 -0800 |
| commit | 0b6ec075df2ac77a4792b8b1a7290a36b636012b (patch) | |
| tree | 896827dd47d8e3fa57669c21765d443d1ddc7263 /t/t4018/php-abstract-class | |
| parent | c4c9089584d0ed04978e8d0945b2ba2985e67bd3 (diff) | |
fsck: assert newline presence in fsck_ident()
The fsck code purports to handle buffers that are not NUL-terminated,
but fsck_ident() uses some string functions. This works OK in practice,
as explained in 8e4309038f (fsck: do not assume NUL-termination of
buffers, 2023-01-19). Before calling fsck_ident() we'll have called
verify_headers(), which makes sure we have at least a trailing newline.
And none of our string-like functions will walk past that newline.
However, that makes this code at the top of fsck_ident() very confusing:
*ident = strchrnul(*ident, '\n');
if (**ident == '\n')
(*ident)++;
We should always see that newline, or our memory safety assumptions have
been violated! Further, using strchrnul() is weird, since the whole
point is that if the newline is not there, we don't necessarily have a
NUL at all, and might read off the end of the buffer.
So let's have callers pass in the boundary of our buffer, which lets us
safely find the newline with memchr(). And if it is not there, this is a
BUG(), because it means our caller did not validate the input with
verify_headers() as it was supposed to (and we are better off bailing
rather than having memory-safety problems).
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t4018/php-abstract-class')
0 files changed, 0 insertions, 0 deletions