Skip to content

Commit 2cf48e1

Browse files
committed
config_file: check if section header buffer runs out of memory
While parsing section headers, we use a buffer to store the actual section name. We do not check though if the buffer runs out of memory at any stage. Do so.
1 parent ff8d2eb commit 2cf48e1

File tree

1 file changed

+8
-2
lines changed

1 file changed

+8
-2
lines changed

src/config_file.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1041,8 +1041,9 @@ static int parse_section_header_ext(struct reader *reader, const char *line, con
10411041
GITERR_CHECK_ALLOC_ADD(&alloc_len, base_name_len, quoted_len);
10421042
GITERR_CHECK_ALLOC_ADD(&alloc_len, alloc_len, 2);
10431043

1044-
git_buf_grow(&buf, alloc_len);
1045-
git_buf_printf(&buf, "%s.", base_name);
1044+
if (git_buf_grow(&buf, alloc_len) < 0 ||
1045+
git_buf_printf(&buf, "%s.", base_name) < 0)
1046+
goto end_parse;
10461047

10471048
rpos = 0;
10481049

@@ -1082,6 +1083,11 @@ static int parse_section_header_ext(struct reader *reader, const char *line, con
10821083
} while (line + rpos < last_quote);
10831084

10841085
end_parse:
1086+
if (git_buf_oom(&buf)) {
1087+
git_buf_free(&buf);
1088+
return -1;
1089+
}
1090+
10851091
if (line[rpos] != '"' || line[rpos + 1] != ']') {
10861092
set_parse_error(reader, rpos, "Unexpected text after closing quotes");
10871093
git_buf_free(&buf);

0 commit comments

Comments
 (0)