1. 22 Jan, 2019 1 commit
  2. 01 Dec, 2018 1 commit
  3. 25 Oct, 2018 2 commits
    • tag: fix out of bounds read when searching for tag message · ee11d47e
      When parsing tags, we skip all unknown fields that appear before the tag
      message. This skipping is done by using a plain `strstr(buffer, "\n\n")`
      to search for the two newlines that separate tag fields from tag
      message. As it is not possible to supply a buffer length to `strstr`,
      this call may skip over the buffer's end and thus result in an out of
      bounds read. As `strstr` may return a pointer that is out of bounds, the
      following computation of `buffer_end - buffer` will overflow and result
      in an allocation of an invalid length.
      
      Fix the issue by using `git__memmem` instead. Add a test that verifies
      parsing the tag fails not due to the allocation failure but due to the
      tag having no message.
      Patrick Steinhardt committed
    • tests: add tests that exercise tag parsing · 4c738e56
      While the tests in object::tag::read exercise reading and parsing valid
      tags from the ODB, they barely try to verify that the parser fails in a
      sane way when parsing invalid tags. Create a new test suite
      object::tag::parse that directly exercises the parser by using
      `git_object__from_raw` and add various tests for valid and invalid tags.
      Patrick Steinhardt committed
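
Added example, not part of the commits above and not libgit2's own code: a length-bounded search for the `"\n\n"` separator described in ee11d47e, showing why a bounded search reports "no message" where `strstr` would run past the end of the tag. The names `bounded_memmem`, `find_tag_message`, `sample_tag_len` and the sample buffer are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not libgit2's git__memmem): substring search that
 * never reads at or beyond haystack + hlen. */
const char *bounded_memmem(const char *haystack, size_t hlen,
                           const char *needle, size_t nlen)
{
    size_t i;

    if (nlen == 0 || hlen < nlen)
        return NULL;
    for (i = 0; i <= hlen - nlen; i++)
        if (memcmp(haystack + i, needle, nlen) == 0)
            return haystack + i;
    return NULL;
}

/* Find the message after the blank line that ends the tag fields.
 * Returns 0 and sets msg/msg_len, or -1 if no separator lies inside
 * the first len bytes (treated here as "tag has no message"). */
int find_tag_message(const char *buf, size_t len,
                     const char **msg, size_t *msg_len)
{
    const char *sep = bounded_memmem(buf, len, "\n\n", 2);

    if (sep == NULL)
        return -1; /* strstr() would keep scanning past buf + len here */
    *msg = sep + 2;
    /* sep + 2 <= buf + len is guaranteed, so this cannot wrap around */
    *msg_len = (size_t)((buf + len) - *msg);
    return 0;
}

/* Constructed sample: the tag is only the bytes before "XXXX". What follows
 * stands in for adjacent memory that happens to contain "\n\n". */
static const char region[] =
    "object 0000000000000000000000000000000000000000\n"
    "type commit\n"
    "tag v1\n"
    "XXXX\n\nunrelated";

size_t sample_tag_len(void)
{
    return (size_t)(strstr(region, "XXXX") - region);
}
```

On the constructed sample, `strstr(region, "\n\n")` returns a pointer beyond the tag's end, so a `buffer_end - match` length computed from it would be negative before conversion to `size_t`; the bounded search returns -1 instead.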