commit: clear user-provided buffers

The functions `git_commit_header_field` and `git_commit_extract_signature` both receive buffers used to hand back the results to the user. While these functions called `git_buf_sanitize` on these buffers, this is not the right thing to do, as it will simply initialize or zero-terminate passed buffers. As we want to overwrite contents, we instead have to call `git_buf_clear` to completely reset them.

commit: clear user-provided buffers
The functions `git_commit_header_field` and `git_commit_extract_signature` both receive buffers used to hand back the results to the user. While these functions called `git_buf_sanitize` on these buffers, this is not the right thing to do, as it will simply initialize or zero-terminate passed buffers. As we want to overwrite contents, we instead have to call `git_buf_clear` to completely reset them.
dc851d9e · Patrick Steinhardt · cdb2c2a0 · dc851d9e · dc851d9e
Commit dc851d9e authored Feb 13, 2017 by Patrick Steinhardt
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 6 deletions

include/git2/commit.h
+6 -3

src/commit.c
+3 -3

No files found.
--- a/include/git2/commit.h
+++ b/include/git2/commit.h
@@ -255,7 +255,8 @@ GIT_EXTERN(int) git_commit_nth_gen_ancestor(
 /**
 * Get an arbitrary header field
 *
- * @param out the buffer to fill
+ * @param out the buffer to fill; existing content will be
+ * overwritten
 * @param commit the commit to look in
 * @param field the header field to return
 * @return 0 on succeess, GIT_ENOTFOUND if the field does not exist,
@@ -270,8 +271,10 @@ GIT_EXTERN(int) git_commit_header_field(git_buf *out, const git_commit *commit, 
 * `GITERR_INVALID`. If the commit does not have a signature, the
 * error class will be `GITERR_OBJECT`.
 *
- * @param signature the signature block
+ * @param signature the signature block; existing content will be
- * @param signed_data signed data; this is the commit contents minus the signature block
+ * overwritten
+ * @param signed_data signed data; this is the commit contents minus the signature block;
+ * existing content will be overwritten
 * @param repo the repository in which the commit exists
 * @param commit_id the commit from which to extract the data
 * @param field the name of the header field containing the signature

--- a/src/commit.c
+++ b/src/commit.c
@@ -642,7 +642,7 @@ int git_commit_header_field(git_buf *out, const git_commit *commit, const char *
 {
 	const char *eol, *buf = commit->raw_header;
-	git_buf_sanitize(out);
+	git_buf_clear(out);
 	while ((eol = strchr(buf, '\n'))) {
 		/* We can skip continuations here */
@@ -706,8 +706,8 @@ int git_commit_extract_signature(git_buf *signature, git_buf *signed_data, git_r
 	const char *h, *eol;
 	int error;
-	git_buf_sanitize(signature);
+	git_buf_clear(signature);
-	git_buf_sanitize(signed_data);
+	git_buf_clear(signed_data);
 	if (!field)
 		field = "gpgsig";