From 77e8466fb98b95ea07d386d64073d0bc6304b37f Mon Sep 17 00:00:00 2001 From: Markus Heidelberg Date: Sun, 28 Feb 2010 16:49:15 +0100 Subject: [PATCH] sha1_name: fix segfault caused by invalid index access The code to see if user input "git show :path" makes sense tried to access the index without properly checking the array bound. Signed-off-by: Markus Heidelberg Signed-off-by: Junio C Hamano --- sha1_name.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/sha1_name.c b/sha1_name.c index 43884c69b..bf9241783 100644 --- a/sha1_name.c +++ b/sha1_name.c @@ -992,13 +992,15 @@ static void diagnose_invalid_index_path(int stage, pos = cache_name_pos(filename, namelen); if (pos < 0) pos = -pos - 1; - ce = active_cache[pos]; - if (ce_namelen(ce) == namelen && - !memcmp(ce->name, filename, namelen)) - die("Path '%s' is in the index, but not at stage %d.\n" - "Did you mean ':%d:%s'?", - filename, stage, - ce_stage(ce), filename); + if (pos < active_nr) { + ce = active_cache[pos]; + if (ce_namelen(ce) == namelen && + !memcmp(ce->name, filename, namelen)) + die("Path '%s' is in the index, but not at stage %d.\n" + "Did you mean ':%d:%s'?", + filename, stage, + ce_stage(ce), filename); + } /* Confusion between relative and absolute filenames? */ fullnamelen = namelen + strlen(prefix); @@ -1008,13 +1010,15 @@ static void diagnose_invalid_index_path(int stage, pos = cache_name_pos(fullname, fullnamelen); if (pos < 0) pos = -pos - 1; - ce = active_cache[pos]; - if (ce_namelen(ce) == fullnamelen && - !memcmp(ce->name, fullname, fullnamelen)) - die("Path '%s' is in the index, but not '%s'.\n" - "Did you mean ':%d:%s'?", - fullname, filename, - ce_stage(ce), fullname); + if (pos < active_nr) { + ce = active_cache[pos]; + if (ce_namelen(ce) == fullnamelen && + !memcmp(ce->name, fullname, fullnamelen)) + die("Path '%s' is in the index, but not '%s'.\n" + "Did you mean ':%d:%s'?", + fullname, filename, + ce_stage(ce), fullname); + } if (!lstat(filename, &st)) die("Path '%s' exists on disk, but not in the index.", filename); -- 2.26.2