There are 9 places where prefix_path is called, and only in one of
them the returned pointer was checked to be non-zero and only to
call exit(128) as it is usually done by die(). In other 8 places,
the returned value was not checked and it caused SIGSEGV when a
path outside of the working tree was used. For instance, running
git update-index --add /some/path/outside
caused SIGSEGV.
This patch changes prefix_path() to die if the path is outside of
the repository, so it never returns NULL.
Signed-off-by: Dmitry Potapov <dpotapov@gmail.com>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
if (strncmp(sanitized, work_tree, len) ||
(sanitized[len] != '\0' && sanitized[len] != '/')) {
error_out:
- error("'%s' is outside repository", orig);
- free(sanitized);
- return NULL;
+ die("'%s' is outside repository", orig);
}
if (sanitized[len] == '/')
len++;
prefixlen = prefix ? strlen(prefix) : 0;
while (*src) {
const char *p = prefix_path(prefix, prefixlen, *src);
- if (p)
- *(dst++) = p;
- else
- exit(128); /* error message already given */
+ *(dst++) = p;
src++;
}
*dst = NULL;