From 5522bbac2059283f7a91fa367fb1eb75faec2f3d Mon Sep 17 00:00:00 2001 From: Eric Sunshine Date: Tue, 31 Jul 2018 03:33:31 -0400 Subject: [PATCH] sequencer: don't die() on bogus user-edited timestamp read_author_ident() is careful to handle errors "gently" when parsing "rebase-merge/author-script" by printing a suitable warning and returning NULL; it never die()'s. One possible reason that parsing might fail is that "rebase-merge/author-script" has been hand-edited in such a way which corrupts it or the information it contains. However, read_author_ident() invokes fmt_ident() which is not so careful about failing "gently". It will die() if it encounters a malformed timestamp. Since read_author_ident() doesn't want to die() and since it's dealing with possibly hand-edited data, take care to avoid passing a bogus timestamp to fmt_ident(). A more "correctly engineered" fix would be to add a "gentle" version of fmt_ident(), however, such a change it outside the scope of the bug-fix series. If fmt_ident() ever does grow a "gentle" cousin, then the manual timestamp check added here can be retired. Signed-off-by: Eric Sunshine Signed-off-by: Junio C Hamano --- sequencer.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sequencer.c b/sequencer.c index 580516959d..944dea6997 100644 --- a/sequencer.c +++ b/sequencer.c @@ -739,6 +739,15 @@ static const char *read_author_ident(struct strbuf *buf) return NULL; } + /* validate date since fmt_ident() will die() on bad value */ + if (parse_date(val[2], &out)){ + warning(_("invalid date format '%s' in '%s'"), + val[2], rebase_path_author_script()); + strbuf_release(&out); + return NULL; + } + + strbuf_reset(&out); strbuf_addstr(&out, fmt_ident(val[0], val[1], val[2], 0)); strbuf_swap(buf, &out); strbuf_release(&out); -- 2.43.2