Commit c6f9ad73e25f2abb1c25d50795b0b571305d43a4
2019-12-13T13:18:54
patch_parse: fix undefined behaviour due to arithmetic on NULL pointers Doing arithmetic with NULL pointers is undefined behaviour in the C standard. We do so regardless when parsing patches, as we happily add a potential prefix length to prefixed paths. While this works out just fine as the prefix length is always equal to zero in these cases, thus resulting in another NULL pointer, it still is undefined behaviour and was pointed out to us by OSSfuzz. Fix the issue by checking whether paths are NULL, avoiding the arithmetic if they are.
diff --git a/src/patch_parse.c b/src/patch_parse.c
index 7e2cc63..9d089ad 100644
--- a/src/patch_parse.c
+++ b/src/patch_parse.c
@@ -1025,13 +1025,17 @@ static int check_filenames(git_patch_parsed *patch)
/* Prefer the rename filenames as they are unambiguous and unprefixed */
if (patch->rename_old_path)
patch->base.delta->old_file.path = patch->rename_old_path;
- else
+ else if (prefixed_old)
patch->base.delta->old_file.path = prefixed_old + old_prefixlen;
+ else
+ patch->base.delta->old_file.path = NULL;
if (patch->rename_new_path)
patch->base.delta->new_file.path = patch->rename_new_path;
- else
+ else if (prefixed_new)
patch->base.delta->new_file.path = prefixed_new + new_prefixlen;
+ else
+ patch->base.delta->new_file.path = NULL;
if (!patch->base.delta->old_file.path &&
!patch->base.delta->new_file.path)