Commit c6f9ad73 by Patrick Steinhardt

patch_parse: fix undefined behaviour due to arithmetic on NULL pointers

Doing arithmetic with NULL pointers is undefined behaviour in the C
standard. We do so regardless when parsing patches, as we happily add a
potential prefix length to prefixed paths. While this works out just
fine as the prefix length is always equal to zero in these cases, thus
resulting in another NULL pointer, it still is undefined behaviour and
was pointed out to us by OSSfuzz.

Fix the issue by checking whether paths are NULL, avoiding the
arithmetic if they are.
parent 3e6a9045
...@@ -1025,13 +1025,17 @@ static int check_filenames(git_patch_parsed *patch) ...@@ -1025,13 +1025,17 @@ static int check_filenames(git_patch_parsed *patch)
/* Prefer the rename filenames as they are unambiguous and unprefixed */ /* Prefer the rename filenames as they are unambiguous and unprefixed */
if (patch->rename_old_path) if (patch->rename_old_path)
patch->base.delta->old_file.path = patch->rename_old_path; patch->base.delta->old_file.path = patch->rename_old_path;
else else if (prefixed_old)
patch->base.delta->old_file.path = prefixed_old + old_prefixlen; patch->base.delta->old_file.path = prefixed_old + old_prefixlen;
else
patch->base.delta->old_file.path = NULL;
if (patch->rename_new_path) if (patch->rename_new_path)
patch->base.delta->new_file.path = patch->rename_new_path; patch->base.delta->new_file.path = patch->rename_new_path;
else else if (prefixed_new)
patch->base.delta->new_file.path = prefixed_new + new_prefixlen; patch->base.delta->new_file.path = prefixed_new + new_prefixlen;
else
patch->base.delta->new_file.path = NULL;
if (!patch->base.delta->old_file.path && if (!patch->base.delta->old_file.path &&
!patch->base.delta->new_file.path) !patch->base.delta->new_file.path)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment