From: Jim Meyering Date: Mon, 16 Apr 2012 15:20:02 +0000 (+0200) Subject: diff: avoid stack-buffer-read-overrun for very long name X-Git-Tag: v1.7.10.2~34^2~1 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=48e510b6a29b1066016cbbee75c0b196174a88d4;p=git.git diff: avoid stack-buffer-read-overrun for very long name Due to the use of strncpy without explicit NUL termination, we could end up passing names n1 or n2 that are not NUL-terminated to queue_diff, which requires NUL-terminated strings. Ensure that each is NUL terminated. Signed-off-by: Jim Meyering Signed-off-by: Junio C Hamano --- diff --git a/diff-no-index.c b/diff-no-index.c index 3a3614468..5cd3ff584 100644 --- a/diff-no-index.c +++ b/diff-no-index.c @@ -109,6 +109,7 @@ static int queue_diff(struct diff_options *o, n1 = buffer1; strncpy(buffer1 + len1, p1.items[i1++].string, PATH_MAX - len1); + buffer1[PATH_MAX-1] = 0; } if (comp < 0) @@ -117,6 +118,7 @@ static int queue_diff(struct diff_options *o, n2 = buffer2; strncpy(buffer2 + len2, p2.items[i2++].string, PATH_MAX - len2); + buffer2[PATH_MAX-1] = 0; } ret = queue_diff(o, n1, n2);