apply: make update_pre_post_images() sanity check the given postlen

diff --git a/builtin/apply.c b/builtin/apply.c
index 9c5724eaccfaee62ff10eb097adc39ace351cade..da6fb355453c1a77d16a3ede38d295f5af8569d9 100644 (file)
--- a/builtin/apply.c
+++ b/builtin/apply.c
@@ -2171,6 +2171,12 @@ static void update_pre_post_images(struct image *preimage,
                ctx++;
        }
 
+       if (postlen
+           ? postlen < new - postimage->buf
+           : postimage->len < new - postimage->buf)
+               die("BUG: caller miscounted postlen: asked %d, orig = %d, used = %d",
+                   (int)postlen, (int) postimage->len, (int)(new - postimage->buf));
+
        /* Fix the length of the whole thing */
        postimage->len = new - postimage->buf;
        postimage->nr -= reduced;
@@ -2326,7 +2332,7 @@ static int match_fragment(struct image *img,
 
        /*
         * The hunk does not apply byte-by-byte, but the hash says
-        * it might with whitespace fuzz. We haven't been asked to
+        * it might with whitespace fuzz. We weren't asked to
         * ignore whitespace, we were asked to correct whitespace
         * errors, so let's try matching after whitespace correction.
         *
@@ -2869,9 +2875,7 @@ static int apply_binary_fragment(struct image *img, struct patch *patch)
        case BINARY_LITERAL_DEFLATED:
                clear_image(img);
                img->len = fragment->size;
-               img->buf = xmalloc(img->len+1);
-               memcpy(img->buf, fragment->patch, img->len);
-               img->buf[img->len] = '\0';
+               img->buf = xmemdupz(fragment->patch, img->len);
                return 0;
        }
        return -1;