Merge branch 'ab/config-based-hooks-2'

[thirdparty/git.git] / commit.c

diff --git a/commit.c b/commit.c
index 931f65d56d6451e2d59dc33beb6dcaad780b546e..d400f5dfa2b1f9016f90c5aee9665b1f08316048 100644 (file)
--- a/commit.c
+++ b/commit.c
@@ -1632,12 +1632,20 @@ struct commit_list **commit_list_append(struct commit *commit,
        return &new_commit->next;
 }
 
-const char *find_commit_header(const char *msg, const char *key, size_t *out_len)
+const char *find_header_mem(const char *msg, size_t len,
+                       const char *key, size_t *out_len)
 {
        int key_len = strlen(key);
        const char *line = msg;
 
-       while (line) {
+       /*
+        * NEEDSWORK: It's possible for strchrnul() to scan beyond the range
+        * given by len. However, current callers are safe because they compute
+        * len by scanning a NUL-terminated block of memory starting at msg.
+        * Nonetheless, it would be better to ensure the function does not look
+        * at msg beyond the len provided by the caller.
+        */
+       while (line && line < msg + len) {
                const char *eol = strchrnul(line, '\n');
 
                if (line == eol)
@@ -1654,6 +1662,10 @@ const char *find_commit_header(const char *msg, const char *key, size_t *out_len
        return NULL;
 }
 
+const char *find_commit_header(const char *msg, const char *key, size_t *out_len)
+{
+       return find_header_mem(msg, strlen(msg), key, out_len);
+}
 /*
  * Inspect the given string and determine the true "end" of the log message, in
  * order to find where to put a new Signed-off-by trailer.  Ignored are