* Petr Baudis <[EMAIL PROTECTED]> wrote:
> > will attempt to append a "/" string to the directory name - resulting in
> > a 1-byte overflow (a zero byte is written to offset 4097, which is
> > outside the array).
>
> The name ends precisely at offset 4095 with its NUL character:
>
> {PAT
Dear diary, on Thu, Apr 14, 2005 at 02:53:54PM CEST, I got a letter
where Ingo Molnar <[EMAIL PROTECTED]> told me that...
>
> this patch fixes a 1-byte overflow in show-files.c (looks narrow and is
> probably not exploitable). A specially crafted db object (tree) might
> trigger this overflow.
>
this patch fixes a 1-byte overflow in show-files.c (looks narrow and is
probably not exploitable). A specially crafted db object (tree) might
trigger this overflow.
'fullname' is an array of 4096+1 bytes, and we do readdir(), which
produces entries that have strings with a length of 0-255 bytes
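The off-by-one discussed in this thread comes from appending "/" (and its terminating NUL) to a name that already fills a fixed-size buffer. The following is an added illustration, not code from git's show-files.c or from either poster: it uses the thread's figures (a 4096+1 byte `fullname` array, a name whose NUL sits at offset 4095) and shows the explicit length check a defensive readdir() loop needs before the append. The names `append_slash`, `build_child_path` and `try_append_at_length` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Buffer size taken from the thread: 4096 bytes of path plus one for the NUL. */
#define PATH_MAX_LEN 4096

/* Append "/" to the string of length len already held in buf (bufsize bytes).
 * Both the '/' and the new NUL must fit; returns the new length, or -1
 * when the append would write past the end of the buffer. */
int append_slash(char *buf, size_t bufsize, size_t len)
{
    /* len characters + '/' + NUL must fit in bufsize bytes */
    if (len + 2 > bufsize)
        return -1;
    buf[len] = '/';
    buf[len + 1] = '\0';
    return (int)(len + 1);
}

/* Build "<dir>/<entry>" into buf with the bound checked up front, which is
 * the shape a readdir() loop wants: entries may be 0-255 bytes, so the
 * check has to account for dir, the '/', the entry and the NUL together. */
int build_child_path(char *buf, size_t bufsize, const char *dir, const char *entry)
{
    size_t dlen = strlen(dir);
    size_t elen = strlen(entry);
    if (dlen + 1 + elen + 1 > bufsize)
        return -1;
    memcpy(buf, dir, dlen);
    buf[dlen] = '/';
    memcpy(buf + dlen + 1, entry, elen);
    buf[dlen + 1 + elen] = '\0';
    return (int)(dlen + 1 + elen);
}

/* Helper for experimenting: fill a PATH_MAX_LEN+1 byte buffer with a
 * constructed name of the given length and try to append "/". */
int try_append_at_length(size_t len)
{
    char fullname[PATH_MAX_LEN + 1];
    if (len > PATH_MAX_LEN)
        return -1;
    memset(fullname, 'a', len);
    fullname[len] = '\0';
    return append_slash(fullname, sizeof fullname, len);
}

int main(void)
{
    char fullname[PATH_MAX_LEN + 1];

    /* Name ending with its NUL at offset 4095, as in the thread: the '/'
     * lands at 4095 and the NUL at 4096, the last valid index. */
    printf("4095-byte name: %d\n", try_append_at_length(4095));
    /* One byte longer and the NUL would land at offset 4097: rejected. */
    printf("4096-byte name: %d\n", try_append_at_length(4096));

    /* Constructed sample directory and entry. */
    printf("short path: %d\n",
           build_child_path(fullname, sizeof fullname, "objects", "pack"));
    return 0;
}
```

The check `len + 2 > bufsize` is the whole fix: it reserves room for the separator and the NUL before either is written, so a name that exactly fills the array is accepted while anything longer is refused rather than spilling one byte past the end.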