Fix integer overflow in unpack_sha1_rest()
authorIlari Liusvaara <ilari.liusvaara@elisanet.fi>
Tue, 26 Jan 2010 18:24:14 +0000 (20:24 +0200)
committerJunio C Hamano <gitster@pobox.com>
Tue, 26 Jan 2010 21:00:10 +0000 (13:00 -0800)
[jc: later NUL termination by the caller becomes unnecessary]

Signed-off-by: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
sha1_file.c
index 63981fb3fd9cfa6cca4126eba5a964b449c62444..a903247677bfe1d41a14f8f153d66494837c86b7 100644 (file)
@@ -1232,7 +1232,7 @@ static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned lon
 static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
 {
        int bytes = strlen(buffer) + 1;
-       unsigned char *buf = xmalloc(1+size);
+       unsigned char *buf = xmallocz(size);
        unsigned long n;
        int status = Z_OK;
 
@@ -1260,7 +1260,6 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size
                while (status == Z_OK)
                        status = git_inflate(stream, Z_FINISH);
        }
-       buf[size] = 0;
        if (status == Z_STREAM_END && !stream->avail_in) {
                git_inflate_end(stream);
                return buf;