wildmatch: avoid undefined behavior

The code changed in this commit is designed to check if the pattern
starts with "**/" or contains "/**/" (see 3a078dec33 (wildmatch: fix
"**" special case, 2013-01-01)). Unfortunately when the pattern begins
with "**/" `prev_p = p - 2` is evaluated when `p` points to the second
"*" and so the subtraction is undefined according to section 6.5.6 of
the C standard because the result does not point within the same object
as `p`. Fix this by avoiding the subtraction unless it is well defined.

Signed-off-by: Phillip Wood <phillip.wood@dunelm.org.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/wildmatch.c b/wildmatch.c
index 06861bd8bc319cb57601965a255a21acd667aa4d..694d2f8e405287c154ff6e89911b8545f15e306d 100644 (file)
--- a/wildmatch.c
+++ b/wildmatch.c
@@ -83,12 +83,12 @@ static int dowild(const uchar *p, const uchar *text, unsigned int flags)
                        continue;
                case '*':
                        if (*++p == '*') {
-                               const uchar *prev_p = p - 2;
+                               const uchar *prev_p = p;
                                while (*++p == '*') {}
                                if (!(flags & WM_PATHNAME))
                                        /* without WM_PATHNAME, '*' == '**' */
                                        match_slash = 1;
-                               else if ((prev_p < pattern || *prev_p == '/') &&
+                               else if ((prev_p - pattern < 2 || *(prev_p - 2) == '/') &&
                                    (*p == '\0' || *p == '/' ||
                                     (p[0] == '\\' && p[1] == '/'))) {
                                        /*