From 34fc5cefa7068492d5103b40dca1b55f69986eb8 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Mon, 26 Feb 2007 11:10:59 -0800 Subject: mailinfo: do not get confused with logical lines that are too long. It basically considers all the continuation lines to be lines of their own, and if the total line is bigger than what we can fit in it, we just truncate the result rather than stop in the middle and then get confused when we try to parse the "next" line (which is just the remainder of the first line). [jc: added test, and tightened boundary a bit per list discussion.] Signed-off-by: Linus Torvalds Signed-off-by: Junio C Hamano diff --git a/builtin-mailinfo.c b/builtin-mailinfo.c index 583da38b6..cf5ef29 100644 --- a/builtin-mailinfo.c +++ b/builtin-mailinfo.c @@ -406,6 +406,11 @@ static int is_rfc2822_header(char *line) */ int ch; char *cp = line; + + /* Count mbox From headers as headers */ + if (!memcmp(line, "From ", 5) || !memcmp(line, ">From ", 6)) + return 1; + while ((ch = *cp++)) { if (ch == ':') return cp != line; @@ -417,30 +422,61 @@ static int is_rfc2822_header(char *line) return 0; } +/* + * sz is size of 'line' buffer in bytes. Must be reasonably + * long enough to hold one physical real-world e-mail line. + */ static int read_one_header_line(char *line, int sz, FILE *in) { - int ofs = 0; - while (ofs < sz) { - int peek, len; - if (fgets(line + ofs, sz - ofs, in) == NULL) - break; - len = eatspace(line + ofs); - if ((len == 0) || !is_rfc2822_header(line)) { - /* Re-add the newline */ - line[ofs + len] = '\n'; - line[ofs + len + 1] = '\0'; - break; - } - ofs += len; - /* Yuck, 2822 header "folding" */ + int len; + + /* + * We will read at most (sz-1) bytes and then potentially + * re-add NUL after it. Accessing line[sz] after this is safe + * and we can allow len to grow up to and including sz. + */ + sz--; + + /* Get the first part of the line. */ + if (!fgets(line, sz, in)) + return 0; + + /* + * Is it an empty line or not a valid rfc2822 header? + * If so, stop here, and return false ("not a header") + */ + len = eatspace(line); + if (!len || !is_rfc2822_header(line)) { + /* Re-add the newline */ + line[len] = '\n'; + line[len + 1] = '\0'; + return 0; + } + + /* + * Now we need to eat all the continuation lines.. + * Yuck, 2822 header "folding" + */ + for (;;) { + int peek, addlen; + static char continuation[1000]; + peek = fgetc(in); ungetc(peek, in); if (peek != ' ' && peek != '\t') break; + if (!fgets(continuation, sizeof(continuation), in)) + break; + addlen = eatspace(continuation); + if (len < sz - 1) { + if (addlen >= sz - len) + addlen = sz - len - 1; + memcpy(line + len, continuation, addlen); + len += addlen; + } } - /* Count mbox From headers as headers */ - if (!ofs && (!memcmp(line, "From ", 5) || !memcmp(line, ">From ", 6))) - ofs = 1; - return ofs; + line[len] = 0; + + return 1; } static int decode_q_segment(char *in, char *ot, char *ep, int rfc2047) diff --git a/t/t5100-mailinfo.sh b/t/t5100-mailinfo.sh index 17c1b80..4d2b781 100755 --- a/t/t5100-mailinfo.sh +++ b/t/t5100-mailinfo.sh @@ -11,7 +11,7 @@ test_expect_success 'split sample box' \ 'git-mailsplit -o. ../t5100/sample.mbox >last && last=`cat last` && echo total is $last && - test `cat last` = 5' + test `cat last` = 6' for mail in `echo 00*` do diff --git a/t/t5100/info0006 b/t/t5100/info0006 new file mode 100644 index 0000000..8c05277 --- /dev/null +++ b/t/t5100/info0006 @@ -0,0 +1,5 @@ +Author: A U Thor +Email: a.u.thor@example.com +Subject: a commit. +Date: Fri, 9 Jun 2006 00:44:16 -0700 + diff --git a/t/t5100/msg0006 b/t/t5100/msg0006 new file mode 100644 index 0000000..b275a9a --- /dev/null +++ b/t/t5100/msg0006 @@ -0,0 +1,2 @@ +Here is a patch from A U Thor. + diff --git a/t/t5100/patch0006 b/t/t5100/patch0006 new file mode 100644 index 0000000..8ce1551 --- /dev/null +++ b/t/t5100/patch0006 @@ -0,0 +1,14 @@ +--- + foo | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/foo b/foo +index 9123cdc..918dcf8 100644 +--- a/foo ++++ b/foo +@@ -1 +1 @@ +-Fri Jun 9 00:44:04 PDT 2006 ++Fri Jun 9 00:44:13 PDT 2006 +-- +1.4.0.g6f2b + diff --git a/t/t5100/sample.mbox b/t/t5100/sample.mbox index a768454..86bfc27 100644 --- a/t/t5100/sample.mbox +++ b/t/t5100/sample.mbox @@ -315,3 +315,74 @@ To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html +From nobody Mon Sep 17 00:00:00 2001 +From: A U Thor +References: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Date: Fri, 9 Jun 2006 00:44:16 -0700 +Subject: [PATCH] a commit. + +Here is a patch from A U Thor. + +--- + foo | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/foo b/foo +index 9123cdc..918dcf8 100644 +--- a/foo ++++ b/foo +@@ -1 +1 @@ +-Fri Jun 9 00:44:04 PDT 2006 ++Fri Jun 9 00:44:13 PDT 2006 +-- +1.4.0.g6f2b + -- cgit v0.10.2-6-g49f6 From ee24ee55c28e46b502e4e2d219feced5a5d67e6b Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Tue, 27 Feb 2007 00:11:35 +0100 Subject: diff --cc: integer overflow given a 2GB-or-larger file Few of us use git to compare or even version-control 2GB files, but when we do, we'll want it to work. Reading a recent patch, I noticed two lines like this: int len = st.st_size; Instead of "int", that should be "size_t". Otherwise, in the non-symlink case, with 64-bit size_t, if the file's size is 2GB, the following xmalloc will fail: result = xmalloc(len + 1); trying to allocate 2^64 - 2^31 + 1 bytes (assuming sign-extension in the int-to-size_t promotion). And even if it didn't fail, the subsequent "result[len] = 0;" would be equivalent to an unpleasant "result[-2147483648] = 0;" The other nearby "int"-declared size variable, sz, should also be of type size_t, for the same reason. If sz ever wraps around and becomes negative, xread will corrupt memory _before_ the "result" buffer. Signed-off-by: Jim Meyering Signed-off-by: Junio C Hamano diff --git a/combine-diff.c b/combine-diff.c index 6b7c6be..044633d 100644 --- a/combine-diff.c +++ b/combine-diff.c @@ -684,7 +684,7 @@ static void show_patch_diff(struct combine_diff_path *elem, int num_parent, goto deleted_file; if (S_ISLNK(st.st_mode)) { - int len = st.st_size; + size_t len = st.st_size; result_size = len; result = xmalloc(len + 1); if (result_size != readlink(elem->path, result, len)) { @@ -697,8 +697,8 @@ static void show_patch_diff(struct combine_diff_path *elem, int num_parent, } else if (0 <= (fd = open(elem->path, O_RDONLY)) && !fstat(fd, &st)) { - int len = st.st_size; - int sz = 0; + size_t len = st.st_size; + size_t sz = 0; elem->mode = canon_mode(st.st_mode); result_size = len; -- cgit v0.10.2-6-g49f6 From 63e50d492c658b4a0d616f57f8b43a7a9ba1bbcc Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 27 Feb 2007 01:31:42 -0800 Subject: git-apply: do not fix whitespaces on context lines. Internal function apply_line() is called to copy both context lines and added lines to the output buffer, while possibly fixing the whitespace breakages depending on --whitespace=strip settings. However, it did its fix-up on both context lines and added lines. This resulted in two symptoms: (1) The number of lines reported to have been fixed up included these context lines. (2) However, the lines actually shown were limited to the added lines that had whitespace breakages. Signed-off-by: Junio C Hamano diff --git a/builtin-apply.c b/builtin-apply.c index abe3538..bec95d6 100644 --- a/builtin-apply.c +++ b/builtin-apply.c @@ -1539,7 +1539,8 @@ static int apply_line(char *output, const char *patch, int plen) int need_fix_leading_space = 0; char *buf; - if ((new_whitespace != strip_whitespace) || !whitespace_error) { + if ((new_whitespace != strip_whitespace) || !whitespace_error || + *patch != '+') { memcpy(output, patch + 1, plen); return plen; } -- cgit v0.10.2-6-g49f6