From: Johannes Schindelin Date: Thu, 27 Mar 2025 11:05:57 +0000 (+0000) Subject: read-cache: check range before dereferencing an array element X-Git-Tag: v2.50.0-rc0~88^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f558141ed3b93b393151367b9569446cd24caab;p=thirdparty%2Fgit.git read-cache: check range before dereferencing an array element Before accessing an array element at a given index, we should make sure that the index is within the desired bounds, otherwise it makes little sense to access the array element in the first place. In this instance, testing whether `ce->name[common]` is the trailing NUL byte is technically different from testing whether `common` is within the bounds of `previous_name`. It is also redundant, as the range-check guarantees that `previous_name->buf[common]` cannot be NUL and therefore the condition `ce->name[common] == previous_name->buf[common]` would not be met if `ce->name[common]` evaluated to NUL. However, in the interest of reducing the cognitive load to reason about the correctness of this loop (so that I can focus on interesting projects again), I'll simply move the range-check to the beginning of the loop condition and keep the redundant NUL check. This acquiesces CodeQL's `cpp/offset-use-before-range-check` rule. Signed-off-by: Johannes Schindelin Acked-by: Jeff King Signed-off-by: Junio C Hamano --- diff --git a/read-cache.c b/read-cache.c index e678c13e8f..08ae66ad60 100644 --- a/read-cache.c +++ b/read-cache.c @@ -2686,8 +2686,8 @@ static int ce_write_entry(struct hashfile *f, struct cache_entry *ce, int common, to_remove, prefix_size; unsigned char to_remove_vi[16]; for (common = 0; - (ce->name[common] && - common < previous_name->len && + (common < previous_name->len && + ce->name[common] && ce->name[common] == previous_name->buf[common]); common++) ; /* still matching */