commit_list.c
commit_list: avoid use of strtol64 without length limit · 1a3fa1f5

When quick-parsing a commit, we use `git__strtol64` to parse the commit's time. The buffer that's passed to `commit_quick_parse` is the raw data of an ODB object, though, whose data may not be properly formatted and also does not have to be `NUL` terminated. This may lead to out-of-bound reads. Use `git__strntol64` to avoid this problem.

Patrick Steinhardt committed
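
The length-limited parse the commit message calls for, as an added example that is not libgit2's code: `parse_i64_bounded` and `sample_time` are hypothetical names, and the committer line is constructed. Bounding the parse by the object's length keeps it from running on into whatever bytes follow the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not libgit2's git__strntol64: parse a base-10 signed
 * integer from at most `len` bytes of `buf`, never touching buf[len].
 * Returns 0 and sets *out on success, -1 on missing digits or overflow. */
int parse_i64_bounded(int64_t *out, const char *buf, size_t len)
{
    size_t i = 0, start;
    int neg = 0;
    uint64_t acc = 0, limit;

    while (i < len && (buf[i] == ' ' || buf[i] == '\t'))
        i++;
    if (i < len && (buf[i] == '-' || buf[i] == '+'))
        neg = (buf[i++] == '-');
    limit = (uint64_t)INT64_MAX + (neg ? 1u : 0u);

    for (start = i; i < len && buf[i] >= '0' && buf[i] <= '9'; i++) {
        uint64_t d = (uint64_t)(buf[i] - '0');
        if (acc > (limit - d) / 10)
            return -1;              /* next digit would overflow int64_t */
        acc = acc * 10 + d;
    }
    if (i == start)
        return -1;                  /* no digits inside the buffer */

    *out = !neg ? (int64_t)acc : (acc ? -(int64_t)(acc - 1) - 1 : 0);
    return 0;
}

/* Constructed sample: the object is only the first OBJ_LEN bytes; the trailing
 * "99" stands in for unrelated adjacent memory, with no NUL in between. */
static const char raw[] = "committer A <a@example.com> 153000000099";
#define OBJ_LEN (sizeof(raw) - 1 - 2)

/* Parse the number after '>' looking at only `len` bytes of raw; -1 on error. */
int64_t sample_time(size_t len)
{
    const char *gt = memchr(raw, '>', len);
    int64_t t;

    if (gt == NULL || parse_i64_bounded(&t, gt + 1, len - (size_t)(gt + 1 - raw)) < 0)
        return -1;
    return t;
}
```

`sample_time(OBJ_LEN)` yields the object's own timestamp, while passing the full array length shows the value a parser without a length limit would produce by absorbing the adjacent digits.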
