The `git__strntol` family of functions accepts leading spaces and will simply skip them. The skipping will not honor the provided buffer's length, though, which may lead it to read outside of the provided buffer's bounds if it is not a simple NUL-terminated string. Furthermore, if leading space is trimmed, the function will further advance the pointer but not update the number of remaining bytes, which may also lead to out-of-bounds reads. Fix the issue by properly paying attention to the buffer length and updating it when stripping leading whitespace characters. Add a test that verifies that we won't read past the provided buffer length.
Name |
Last commit
|
Last update |
---|---|---|
.github | Loading commit data... | |
ci | Loading commit data... | |
cmake/Modules | Loading commit data... | |
deps | Loading commit data... | |
docs | Loading commit data... | |
examples | Loading commit data... | |
include | Loading commit data... | |
script | Loading commit data... | |
src | Loading commit data... | |
tests | Loading commit data... | |
.HEADER | Loading commit data... | |
.editorconfig | Loading commit data... | |
.gitattributes | Loading commit data... | |
.gitignore | Loading commit data... | |
.mailmap | Loading commit data... | |
AUTHORS | Loading commit data... | |
CHANGELOG.md | Loading commit data... | |
CMakeLists.txt | Loading commit data... | |
CODE_OF_CONDUCT.md | Loading commit data... | |
CONTRIBUTING.md | Loading commit data... | |
CONVENTIONS.md | Loading commit data... | |
COPYING | Loading commit data... | |
PROJECTS.md | Loading commit data... | |
README.md | Loading commit data... | |
THREADING.md | Loading commit data... | |
TROUBLESHOOTING.md | Loading commit data... | |
api.docurium | Loading commit data... | |
azure-pipelines.yml | Loading commit data... | |
git.git-authors | Loading commit data... | |
libgit2.pc.in | Loading commit data... | |
libgit2_clar.supp | Loading commit data... |