From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Date: Fri, 15 Jun 2007 12:19:07 +0000 (+0100)
Subject: pp_header(): work around possible memory corruption
X-Git-Tag: v1.5.3-rc0~66^2
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/4cd008a925f3c7c0064d86a4cb4b06278e79e9e7

pp_header(): work around possible memory corruption

add_user_info() possibly adds way more than just the commit header line.
In fact, it sometimes needs so much more space that there is a buffer
overrun, leading to an ugly crash. For example, the date is printed in its
own line, and usually takes up more space than the equivalent Unix epoch.

So, for good measure, add 80 characters (a full line) to the allocated
space, in addition to the header line length.

Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

diff --git a/commit.c b/commit.c
index 40c87a7471..dbb28b593f 100644
--- a/commit.c
+++ b/commit.c
@@ -997,7 +997,7 @@ static void pp_header(enum cmit_fmt fmt,
 			len = linelen;
 			if (fmt == CMIT_FMT_EMAIL)
 				len = bound_rfc2047(linelen, encoding);
-			ALLOC_GROW(*buf_p, *ofs_p + len, *space_p);
+			ALLOC_GROW(*buf_p, *ofs_p + len + 80, *space_p);
 			dst = *buf_p + *ofs_p;
 			*ofs_p += add_user_info("Author", fmt, dst,
 						line + 7, dmode, encoding);
@@ -1008,7 +1008,7 @@ static void pp_header(enum cmit_fmt fmt,
 			len = linelen;
 			if (fmt == CMIT_FMT_EMAIL)
 				len = bound_rfc2047(linelen, encoding);
-			ALLOC_GROW(*buf_p, *ofs_p + len, *space_p);
+			ALLOC_GROW(*buf_p, *ofs_p + len + 80, *space_p);
 			dst = *buf_p + *ofs_p;
 			*ofs_p += add_user_info("Commit", fmt, dst,
 						line + 10, dmode, encoding);