Commit 85594252 authored by Duy Nguyen's avatar Duy Nguyen Committed by Junio C Hamano

parse_tag_buffer(): do not prefixcmp() out of range

There is a check (size < 64) at the beginning of the function, but
that only covers object+type lines.
Signed-off-by: Duy Nguyen's avatarNguyễn Thái Ngọc Duy <[email protected]>
Signed-off-by: default avatarJunio C Hamano <[email protected]>
parent 24231e06
......@@ -97,7 +97,9 @@ int parse_tag_buffer(struct tag *item, const void *data, unsigned long size)
item->tagged = NULL;
}
if (prefixcmp(bufptr, "tag "))
if (bufptr + 4 < tail && !prefixcmp(bufptr, "tag "))
; /* good */
else
return -1;
bufptr += 4;
nl = memchr(bufptr, '\n', tail - bufptr);
......@@ -106,7 +108,7 @@ int parse_tag_buffer(struct tag *item, const void *data, unsigned long size)
item->tag = xmemdupz(bufptr, nl - bufptr);
bufptr = nl + 1;
if (!prefixcmp(bufptr, "tagger "))
if (bufptr + 7 < tail && !prefixcmp(bufptr, "tagger "))
item->date = parse_tag_date(bufptr, tail);
else
item->date = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment