From: Junio C Hamano <gitster@pobox.com>
Date: Thu, 7 Apr 2016 19:38:18 +0000 (-0700)
Subject: setup.c: do not feed NULL to "%.*s" even with precision 0
X-Git-Tag: v2.8.3~32^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=24041d6be54d89b5fb0b2bbf70df04bbbff6ba9e;p=thirdparty%2Fgit.git

setup.c: do not feed NULL to "%.*s" even with precision 0

A recent update 75faa45a (replace trivial malloc + sprintf / strcpy
calls with xstrfmt, 2015-09-24) rewrote

	prepare an empty buffer
	if (len)
        	append the first len bytes of "prefix" to the buffer
	append "path" to the buffer

that computed "path", optionally prefixed by "prefix", into

	xstrfmt("%.*s%s", len, prefix, path);

However, passing a NULL pointer to the printf(3) family of functions
to format it with %s conversion, even with the precision set to 0,
i.e.

	xstrfmt("%.*s", 0, NULL)

yields undefined results, at least on some platforms.

Avoid this problem by substituting prefix with "" when len==0, as
prefix can legally be NULL in that case.  This would mimick the
intent of the original code better.

Reported-by: Tom G. Christensen <tgc@jupiterrise.com>
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

diff --git a/setup.c b/setup.c
index 2b64cbbbfa..577fc63231 100644
--- a/setup.c
+++ b/setup.c
@@ -99,7 +99,7 @@ char *prefix_path_gently(const char *prefix, int len,
 			return NULL;
 		}
 	} else {
-		sanitized = xstrfmt("%.*s%s", len, prefix, path);
+		sanitized = xstrfmt("%.*s%s", len, len ? prefix : "", path);
 		if (remaining_prefix)
 			*remaining_prefix = len;
 		if (normalize_path_copy_len(sanitized, sanitized, remaining_prefix)) {