Fossil SCM

Fix a bug in the manifest parser that can cause a read off the end of a buffer when doing a "fossil rebuild" on a repository that contains artifacts that start out looking like a valid special artifact but are not terminated by \n. This fixes a bug introduced by check-in [49b0ff15922674].

drh 2016-01-01 20:49 UTC trunk

Commit 6013aea0c2a5e32ceac5b07992f03e7a7ad4148c

Parent 987a80ef06635a6…

1 file changed +2 -2

~ src/manifest.c

M src/manifest.c

+2 -2

		--- src/manifest.c
		+++ src/manifest.c
		@@ -380,13 +380,13 @@
380	380	** if that is not the case for this artifact.
381	381	*/
382	382	if( !isRepeat ) g.parseCnt[0]++;
383	383	z = blob_materialize(pContent);
384	384	n = blob_size(pContent);
385		- if( pErr && (n<=0 \|\| z[n-1]!='\n') ){
	385	+ if( n<=0 \|\| z[n-1]!='\n' ){
386	386	blob_reset(pContent);
387		- blob_append(pErr, n ? "not terminated with \\n" : "zero-length", -1);
	387	+ blob_appendf(pErr, "%s", n ? "not terminated with \\n" : "zero-length");
388	388	return 0;
389	389	}
390	390
391	391	/* Strip off the PGP signature if there is one.
392	392	*/
393	393

	--- src/manifest.c
	+++ src/manifest.c
	@@ -380,13 +380,13 @@
380	** if that is not the case for this artifact.
381	*/
382	if( !isRepeat ) g.parseCnt[0]++;
383	z = blob_materialize(pContent);
384	n = blob_size(pContent);
385	if( pErr && (n<=0 \|\| z[n-1]!='\n') ){
386	blob_reset(pContent);
387	blob_append(pErr, n ? "not terminated with \\n" : "zero-length", -1);
388	return 0;
389	}
390
391	/* Strip off the PGP signature if there is one.
392	*/
393

	--- src/manifest.c
	+++ src/manifest.c
	@@ -380,13 +380,13 @@
380	** if that is not the case for this artifact.
381	*/
382	if( !isRepeat ) g.parseCnt[0]++;
383	z = blob_materialize(pContent);
384	n = blob_size(pContent);
385	if( n<=0 \|\| z[n-1]!='\n' ){
386	blob_reset(pContent);
387	blob_appendf(pErr, "%s", n ? "not terminated with \\n" : "zero-length");
388	return 0;
389	}
390
391	/* Strip off the PGP signature if there is one.
392	*/
393

Fossil SCM

Keyboard Shortcuts