author Nguyễn Thái Ngọc Duy <pclouds@gmail.com> 2014-08-10 07:05:21 (GMT)
committer Junio C Hamano <gitster@pobox.com> 2014-08-11 18:52:22 (GMT)
commit 430875969a5229c1d306e4cc5acc8c8afe2b50a3
tree 294c02ed6043b05aadb2d643020de2bbfc0b32b6 /utf8.c
parent 32f56600bb6ac6fc57183e79d2c1515dfa56672f
utf8.c: fix strbuf_utf8_replace() consuming data beyond input string

The main loop in strbuf_utf8_replace() could be summed up as:

  while ('src' is still valid) {
    1) advance 'src' to copy ANSI escape sequences
    2) advance 'src' to copy/replace visible characters
  }

The problem is after #1, 'src' may have reached the end of the string
(so 'src' points to NUL) and #2 will continue to copy that NUL as if
it's a normal character. Because the output is stored in a strbuf,
this NUL is accounted in the 'len' field as well. Check after #1 and
break the loop if necessary.

The test does not look obvious, but the combination of %>>() should
make a call trace like this

  show_log()
  pretty_print_commit()
  format_commit_message()
  strbuf_expand()
  format_commit_item()
  format_and_pad_commit()
  strbuf_utf8_replace()

where %C(auto)%d would insert a color reset escape sequence in the end
of the string given to strbuf_utf8_replace() and show_log() uses
fwrite() to send everything to stdout (including the incorrect NUL
inserted by strbuf_utf8_replace)

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

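
The failure mode described in the commit message, reduced to a stand-alone model. This is an added example, not git's code: esc_len(), copy_loop() and demo_out are hypothetical names, visible characters are assumed to be one byte each, and the sample string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: length of an SGR escape sequence (ESC [ digits/';' m)
 * starting at s, or 0 if there is none before end. */
static size_t esc_len(const char *s, const char *end)
{
	const char *p = s;
	if (end - p < 2 || p[0] != '\033' || p[1] != '[')
		return 0;
	p += 2;
	while (p < end && ((*p >= '0' && *p <= '9') || *p == ';'))
		p++;
	return (p < end && *p == 'm') ? (size_t)(p + 1 - s) : 0;
}

/* Simplified model of the loop shape from the commit message. Visible
 * characters are assumed to be one byte each. 'guard' enables the
 * end-of-input check placed between step 1 and step 2.
 * 'out' must hold strlen(in) + 1 bytes. Returns the bytes written. */
static size_t copy_loop(const char *in, char *out, int guard)
{
	const char *src = in, *end = in + strlen(in);
	char *dst = out;
	size_t n;
	while (src < end) {
		/* step 1: copy escape sequences verbatim */
		while ((n = esc_len(src, end)) > 0) {
			memcpy(dst, src, n);
			src += n;
			dst += n;
		}
		if (guard && src >= end)
			break;
		/* step 2: copy one visible byte; unguarded, this can be the NUL at *end */
		*dst++ = *src++;
	}
	return (size_t)(dst - out);
}

static char demo_out[16]; /* scratch output buffer for the demo */

int main(void)
{
	const char *in = "ab\033[m"; /* constructed: text ending in a color reset */
	printf("unguarded: %zu bytes\n", copy_loop(in, demo_out, 0));
	printf("guarded:   %zu bytes\n", copy_loop(in, demo_out, 1));
	return 0;
}
```

Because the result is tracked by length rather than by a terminator, the extra byte in the unguarded case is written out by any length-based writer such as fwrite().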
Diffstat (limited to 'utf8.c')
-rw-r--r-- utf8.c 3
1 files changed, 3 insertions, 0 deletions
diff --git a/utf8.c b/utf8.c
index 77c28d4..fe35e2f 100644
--- a/utf8.c
+++ b/utf8.c
@@ -444,6 +444,9 @@ void strbuf_utf8_replace(struct strbuf *sb_src, int pos, int width,
dst += n;
}
+ if (src >= end)
+ break;
+
old = src;
n = utf8_width((const char**)&src, NULL);
if (!src) /* broken utf-8, do nothing */
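Review bot: the new `if (src >= end) break;` placed between the escape-sequence copy and `old = src;` carries no comment explaining why the outer loop condition is not sufficient on its own. Since it looks redundant at a glance, a one-line comment above it (for example, that the escape sequences just copied may have consumed the rest of the input) would protect it from being removed in a later cleanup. The following `utf8_width((const char**)&src, NULL)` call is given NULL as its second argument, so in the visible lines this check is the only thing bounding `src` against `end` before the next character is measured and copied.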