From: e at 80x24.org (Eric Wong)
Subject: [PATCH] ui-shared: fix segfault in cgit_set_title_from_path
Date: Wed, 2 Jan 2019 06:50:04 +0000 [thread overview]
Message-ID: <20190102065004.18253-1-e@80x24.org> (raw)
The following invocation of strncat uses a bogus size and
caused segfaults on my system:
strncat(new_title, ctx.page.title, sizeof(new_title) - strlen(new_title) - 1);
Since str*cat functions are all bug-prone and slow (need to
search for '\0' at every invocation), switch to the safer and
easier-to-use strbuf* git API instead.
---
ui-shared.c | 24 ++++++++++--------------
1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/ui-shared.c b/ui-shared.c
index 7a4c726..bef8a78 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -1192,15 +1192,14 @@ void cgit_print_snapshot_links(const struct cgit_repo *repo, const char *ref,
void cgit_set_title_from_path(const char *path)
{
- size_t path_len, path_index, path_last_end, line_len;
- char *new_title;
+ size_t path_len, path_index, path_last_end;
+ struct strbuf sb;
if (!path)
return;
path_len = strlen(path);
- new_title = xmalloc(path_len + 3 + strlen(ctx.page.title) + 1);
- new_title[0] = '\0';
+ strbuf_init(&sb, path_len + 3 + strlen(ctx.page.title) + 1);
for (path_index = path_len, path_last_end = path_len; path_index-- > 0;) {
if (path[path_index] == '/') {
@@ -1208,19 +1207,16 @@ void cgit_set_title_from_path(const char *path)
path_last_end = path_index - 1;
continue;
}
- strncat(new_title, &path[path_index + 1], path_last_end - path_index - 1);
- line_len = strlen(new_title);
- new_title[line_len++] = '\\';
- new_title[line_len] = '\0';
+ strbuf_add(&sb, &path[path_index + 1],
+ path_last_end - path_index - 1);
+ strbuf_addch(&sb, '\\');
path_last_end = path_index;
}
}
if (path_last_end)
- strncat(new_title, path, path_last_end);
+ strbuf_add(&sb, path, path_last_end);
- line_len = strlen(new_title);
- memcpy(&new_title[line_len], " - ", 3);
- new_title[line_len + 3] = '\0';
- strncat(new_title, ctx.page.title, sizeof(new_title) - strlen(new_title) - 1);
- ctx.page.title = new_title;
+ strbuf_add(&sb, " - ", 3);
+ strbuf_addstr(&sb, ctx.page.title);
+ ctx.page.title = strbuf_detach(&sb, NULL);
}
--
EW
next reply other threads:[~2019-01-02 6:50 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-02 6:50 e [this message]
2019-01-02 6:50 ` Jason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190102065004.18253-1-e@80x24.org \
--to=cgit@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).