Ensure reuc vector is always valid In theory, if there was a problem reading the REUC data, the read_reuc() routine could have left uninitialized and invalid data in the git_index vector. This moves the line that inserts a new entry into the vector down to the bottom of the routine so we know all the content is already valid. Also, per @linquize, this uses calloc to ensure no uninitialized data.
diff --git a/src/index.c b/src/index.c
index f767dfa..f7f7133 100644
--- a/src/index.c
+++ b/src/index.c
@@ -1283,8 +1283,9 @@ static int read_reuc(git_index *index, const char *buffer, size_t size)
size_t len;
int i;
- /* This gets called multiple times, the vector might already be initialized */
- if (index->reuc._alloc_size == 0 && git_vector_init(&index->reuc, 16, reuc_cmp) < 0)
+ /* If called multiple times, the vector might already be initialized */
+ if (index->reuc._alloc_size == 0 &&
+ git_vector_init(&index->reuc, 16, reuc_cmp) < 0)
return -1;
while (size) {
@@ -1294,12 +1295,9 @@ static int read_reuc(git_index *index, const char *buffer, size_t size)
if (size <= len)
return index_error_invalid("reading reuc entries");
- lost = git__malloc(sizeof(git_index_reuc_entry));
+ lost = git__calloc(1, sizeof(git_index_reuc_entry));
GITERR_CHECK_ALLOC(lost);
- if (git_vector_insert(&index->reuc, lost) < 0)
- return -1;
-
/* read NUL-terminated pathname for entry */
lost->path = git__strdup(buffer);
GITERR_CHECK_ALLOC(lost->path);
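Review bot: With the vector insert deferred to the end of the loop body, every error return between `git__calloc` and that insert now leaks `lost` — the `GITERR_CHECK_ALLOC(lost->path)` on the last line of this hunk returns -1 with the entry owned by nobody, and the same applies to any later error return in the body (outside this hunk) and to the `return -1` after the final `git_vector_insert` fails in the third hunk, where `lost` and `lost->path` are likewise dropped. Before this change the vector owned the entry from allocation onward, so the index's reuc cleanup released it on failure. Each of those exits should free the partial entry first, e.g. here `if (!lost->path) { git__free(lost); return -1; }`, and after a failed final insert free both `lost->path` and `lost`; a single cleanup path for the entry would keep the returns uniform. read_reuc's loop body continues past the end of this hunk.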
@@ -1337,6 +1335,10 @@ static int read_reuc(git_index *index, const char *buffer, size_t size)
size -= 20;
buffer += 20;
}
+
+ /* entry was read successfully - insert into reuc vector */
+ if (git_vector_insert(&index->reuc, lost) < 0)
+ return -1;
}
/* entries are guaranteed to be sorted on-disk */