commit: fix reading out of bounds when parsing encoding

The commit message encoding is currently being parsed by the `git__prefixcmp` function. As this function does not accept a buffer length, it will happily skip over a buffer's end if it is not `NUL` terminated. Fix the issue by using `git__prefixncmp` instead. Add a test that verifies that we are unable to parse the encoding field if it's cut off by the supplied buffer length. (cherry picked from commit 7655b2d8)

commit: fix reading out of bounds when parsing encoding
The commit message encoding is currently being parsed by the `git__prefixcmp` function. As this function does not accept a buffer length, it will happily skip over a buffer's end if it is not `NUL` terminated. Fix the issue by using `git__prefixncmp` instead. Add a test that verifies that we are unable to parse the encoding field if it's cut off by the supplied buffer length. (cherry picked from commit 7655b2d8)
4f0e5f70 · Patrick Steinhardt · 6e40bb3a · 4f0e5f70
Commit 4f0e5f70 authored Oct 19, 2018 by Patrick Steinhardt
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

src/commit.c
+1 -1

No files found.
--- a/src/commit.c
+++ b/src/commit.c
@@ -443,7 +443,7 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj)
 		while (eoln < buffer_end && *eoln != '\n')
 			++eoln;
-		if (git__prefixcmp(buffer, "encoding ") == 0) {
+		if (git__prefixncmp(buffer, buffer_end - buffer, "encoding ") == 0) {
 			buffer += strlen("encoding ");
 			commit->message_encoding = git__strndup(buffer, eoln - buffer);