path: root/diffcore-order.c
diff options
authorAntoine Pelisse <>2013-12-14 11:31:16 (GMT)
committerJunio C Hamano <>2013-12-16 22:06:19 (GMT)
commitfc2b6214542a46f97d7067b2f7df530ed37737a7 (patch)
tree9cccda70e6bd31c1a33880ca18e239c2eb8f89bf /diffcore-order.c
parentd7aced95cd681b761468635f8d2a8b82d7ed26fd (diff)
Prevent buffer overflows when path is too long
Some buffers created with PATH_MAX length are not checked when being written, and can overflow if PATH_MAX is not big enough to hold the path. Replace those buffers by strbufs so that their size is automatically grown if necessary. They are created as static local variables to avoid reallocating memory on each call. Note that prefix_filename() returns this static buffer so each callers should copy or use the string immediately (this is currently true). Reported-by: Wataru Noguchi <> Signed-off-by: Antoine Pelisse <> Signed-off-by: Junio C Hamano <>
Diffstat (limited to 'diffcore-order.c')
1 files changed, 6 insertions, 5 deletions
diff --git a/diffcore-order.c b/diffcore-order.c
index 23e9385..50c089b 100644
--- a/diffcore-order.c
+++ b/diffcore-order.c
@@ -73,15 +73,16 @@ struct pair_order {
static int match_order(const char *path)
int i;
- char p[PATH_MAX];
+ static struct strbuf p = STRBUF_INIT;
for (i = 0; i < order_cnt; i++) {
- strcpy(p, path);
- while (p[0]) {
+ strbuf_reset(&p);
+ strbuf_addstr(&p, path);
+ while (p.buf[0]) {
char *cp;
- if (!fnmatch(order[i], p, 0))
+ if (!fnmatch(order[i], p.buf, 0))
return i;
- cp = strrchr(p, '/');
+ cp = strrchr(p.buf, '/');
if (!cp)
*cp = 0;