author | Eric Sunshine <sunshine@sunshineco.com> | 2018-08-03 08:07:49 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2018-08-03 17:52:05 +0200 |
commit | 65bb21e77e7f12e215974018b4b1febcb87c85c9 (patch) | |
tree | ee713d10567e5143518c9ae4213ea62edea4ab6c /color.c | |
parent | Git 2.18 (diff) | |
color: protect against out-of-bounds reads and writes

want_color_fd() is designed to work only with standard output and
error file descriptors and stores information about each descriptor in
an array. However, it doesn't verify that the passed-in descriptor
lives within that set, which, with a buggy caller, could lead to
access or assignment outside the array bounds.

Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Acked-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'color.c')
-rw-r--r-- | color.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -343,6 +343,9 @@ int want_color_fd(int fd, int var) static int want_auto[3] = { -1, -1, -1 }; + if (fd < 1 || fd >= ARRAY_SIZE(want_auto)) + BUG("file descriptor out of range: %d", fd); + if (var < 0) var = git_use_color_default; |
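Review bot: The lower bound `fd < 1` in the new check rejects descriptor 0 even though `want_auto[3]` has a slot for it, and nothing in the code says why. A one-line comment above the check stating that only standard output (1) and standard error (2) are supported, as the commit message does, would keep a later reader from relaxing it to `fd < 0`. Separately, `fd >= ARRAY_SIZE(want_auto)` compares a signed `int` against a `sizeof`-derived unsigned value, so a negative `fd` would be converted to a large unsigned number there. The result is still correct because `fd < 1` is evaluated first and short-circuits, but that makes the order of the two operands of `||` load-bearing and it should not be swapped. Placing the check before `var` is touched and before any `want_auto[fd]` access is the right spot.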