commit -S: avoid invalid pointer with empty message

While it is not recommended, fsck.c says:

Not having a body is not a crime [...]

... which means that we cannot assume that the commit buffer
contains an empty line to separate header from body.  A commit
object with only a header without any body, not even without
a blank line after the header, is valid.

So let's tread carefully here.  strstr("\n\n") may find nothing
and return NULL.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/commit.c b/commit.c
index d1810c940b3cb354437e86eee38e2c2499375e80..ee7f0cb029b1a777972ed9efcf9bbabdc2a655c8 100644 (file)
--- a/commit.c
+++ b/commit.c
@@ -1092,9 +1092,14 @@ static int do_sign_commit(struct strbuf *buf, const char *keyid)
 {
        struct strbuf sig = STRBUF_INIT;
        int inspos, copypos;
+       const char *eoh;
 
        /* find the end of the header */
-       inspos = strstr(buf->buf, "\n\n") - buf->buf + 1;
+       eoh = strstr(buf->buf, "\n\n");
+       if (!eoh)
+               inspos = buf->len;
+       else
+               inspos = eoh - buf->buf + 1;
 
        if (!keyid || !*keyid)
                keyid = get_signing_key();