blame: fix broken time_buf paddings in relative timestamp

Command `git blame --date relative` aligns the date field with a
fixed-width (defined by blame_date_width), and if time_str is shorter
than that, it adds spaces for padding.  But there are two bugs in the
following codes:

time_len = strlen(time_str);
...
memset(time_buf + time_len, ' ', blame_date_width - time_len);

1. The type of blame_date_width is size_t, which is unsigned.  If
time_len is greater than blame_date_width, the result of
"blame_date_width - time_len" will never be a negative number, but a
really big positive number, and will cause memory overwrite.

This bug can be triggered if either l10n message for function
show_date_relative() in date.c is longer than 30 characters, then
`git blame --date relative` may exit abnormally.

2. When show blame information with relative time, the UTF-8 characters
in time_str will break the alignment of columns after the date field.
This is because the time_buf padding with spaces should have a
constant display width, not a fixed strlen size.  So we should call
utf8_strwidth() instead of strlen() for width calibration.

Helped-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Helped-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Jiang Xin <worldhello.net@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/builtin/blame.c b/builtin/blame.c
index 88cb7997274de6f9ab6f8a5944748334ce605f60..35e95db15dc0b66db409d0d9289474e4d0433c32 100644 (file)
--- a/builtin/blame.c
+++ b/builtin/blame.c
@@ -1556,22 +1556,29 @@ static void assign_blame(struct scoreboard *sb, int opt)
 static const char *format_time(unsigned long time, const char *tz_str,
                               int show_raw_time)
 {
-       static char time_buf[128];
+       static struct strbuf time_buf = STRBUF_INIT;
 
+       strbuf_reset(&time_buf);
        if (show_raw_time) {
-               snprintf(time_buf, sizeof(time_buf), "%lu %s", time, tz_str);
+               strbuf_addf(&time_buf, "%lu %s", time, tz_str);
        }
        else {
                const char *time_str;
-               int time_len;
+               size_t time_width;
                int tz;
                tz = atoi(tz_str);
                time_str = show_date(time, tz, blame_date_mode);
-               time_len = strlen(time_str);
-               memcpy(time_buf, time_str, time_len);
-               memset(time_buf + time_len, ' ', blame_date_width - time_len);
+               strbuf_addstr(&time_buf, time_str);
+               /*
+                * Add space paddings to time_buf to display a fixed width
+                * string, and use time_width for display width calibration.
+                */
+               for (time_width = utf8_strwidth(time_str);
+                    time_width < blame_date_width;
+                    time_width++)
+                       strbuf_addch(&time_buf, ' ');
        }
-       return time_buf;
+       return time_buf.buf;
 }
 
 #define OUTPUT_ANNOTATE_COMPAT 001