Commit d0780b8133f40c2e54670eacc6943ff2da49cf84

Patrick Steinhardt 2016-03-01T15:35:45

object: avoid call of memset with out of bounds pointer

When computing a short OID we do this by first copying the leading parts into the new OID structure and then setting the trailing part to zero. In the case of the desired length being `GIT_OID_HEXSZ - 1` we will call `memset` with an out of bounds pointer and a length of 0. While this seems to cause no problems for common platforms the C89 standard does not explicitly state that calling `memset` with an out of bounds pointer and length of 0 is valid. Fix the potential issue by using the newly introduced `git_oid__cpy_prefix` function.

diff --git a/src/object.c b/src/object.c
index ebf77fb..1d45f9f 100644
--- a/src/object.c
+++ b/src/object.c
@@ -12,6 +12,7 @@
 #include "commit.h"
 #include "tree.h"
 #include "blob.h"
+#include "oid.h"
 #include "tag.h"
 
 bool git_object__strict_input_validation = true;
@@ -166,13 +167,9 @@ int git_object_lookup_prefix(
 			error = git_odb_read(&odb_obj, odb, id);
 		}
 	} else {
-		git_oid short_oid;
+		git_oid short_oid = {{ 0 }};
 
-		/* We copy the first len*4 bits from id and fill the remaining with 0s */
-		memcpy(short_oid.id, id->id, (len + 1) / 2);
-		if (len % 2)
-			short_oid.id[len / 2] &= 0xF0;
-		memset(short_oid.id + (len + 1) / 2, 0, (GIT_OID_HEXSZ - len) / 2);
+		git_oid__cpy_prefix(&short_oid, id, len);
 
 		/* If len < GIT_OID_HEXSZ (a strict short oid was given), we have
 		 * 2 options :
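Review bot: the odd-length handling that the removed lines did inline (`short_oid.id[len / 2] &= 0xF0`) and the zeroing of the tail now both rest on `git_oid__cpy_prefix`, whose body is not part of this diff, together with the new `= {{ 0 }}` initializer. It is not clear from the call site which of the two guarantees the zero tail, so a later cleanup could drop the initializer as redundant. I would keep a one-line comment above the call in place of the removed one, stating that the helper copies the first `len` hex digits and clears the low nibble for odd `len`, and that the initializer supplies the trailing zeros. A test that looks up a prefix with an odd `len` and with `len == GIT_OID_HEXSZ - 1` would pin down the case named in the commit message.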