From: Shaoxuan Yuan Date: Fri, 9 Sep 2022 22:27:36 +0000 (-0700) Subject: builtin/mv.c: fix possible segfault in add_slash() X-Git-Tag: v2.38.0-rc1~18^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ead46810b507828c1481eaea6d64b9ed635b8b7;p=thirdparty%2Fgit.git builtin/mv.c: fix possible segfault in add_slash() A possible segfault was introduced in c08830de41 (mv: check if is a SKIP_WORKTREE_DIR, 2022-08-09). When running t7001 with SANITIZE=address, problem appears when running: git mv path1/path2/ . or git mv directory ../ or any that makes dest_path[0] an empty string. The add_slash() call could segfault when path argument to it is an empty string, because it makes an out-of-bounds read to decide if an extra slash '/' needs to be appended to it. As add_slash() is used to make sure that a valid pathname to a file in the given directory can be made by appending a filename after the value returned from it, if path is an empty string, we want to return it as-is. The path to a file "F" in the top-level of the working tree (i.e. path=="") is formed by appending "F" after "" (i.e. path) without any slash in between. So, just like the case where a non-empty path already ends with a slash, return an empty path as-is. Reported-by: Jeff King Helped-by: Jeff King Helped-by: Junio C Hamano Helped-by: Derrick Stolee Signed-off-by: Shaoxuan Yuan Signed-off-by: Junio C Hamano --- diff --git a/builtin/mv.c b/builtin/mv.c index 4b67bd096a..35bf1e9c71 100644 --- a/builtin/mv.c +++ b/builtin/mv.c @@ -71,7 +71,7 @@ static const char **internal_prefix_pathspec(const char *prefix, static const char *add_slash(const char *path) { size_t len = strlen(path); - if (path[len - 1] != '/') { + if (len && path[len - 1] != '/') { char *with_slash = xmalloc(st_add(len, 2)); memcpy(with_slash, path, len); with_slash[len++] = '/';