revparse: detect out-of-memory cases when parsing curly brace contents

pks-t · pks-t · commit c146374ce8ef · 2020-06-08T12:54:26.000+02:00
When extracting curly braces (e.g. the "upstream" part in
"HEAD@{upstream}"), we put the curly braces' contents into a `git_buf`
structure, but don't check the return value of `git_buf_putc`. So when
we run out-of-memory, we'll use a partially filled buffer without
noticing.

Let's fix this issue by checking `git_buf_putc`'s return value.
diff --git a/src/revparse.c b/src/revparse.c
@@ -537,7 +537,8 @@ static int extract_curly_braces_content(git_buf *buf, const char *spec, size_t *
 		if (spec[*pos] == '\0')
 			return GIT_EINVALIDSPEC;
 
-		git_buf_putc(buf, spec[(*pos)++]);
+		if (git_buf_putc(buf, spec[(*pos)++]) < 0)
+			return -1;
 	}
 
 	(*pos)++;

Original file line number	Diff line number	Diff line change
`@@ -537,7 +537,8 @@ static int extract_curly_braces_content(git_buf buf, const char spec, size_t *`
`537`	`537`	`if (spec[*pos] == '\0')`
`538`	`538`	`return GIT_EINVALIDSPEC;`
`539`	`539`
`540`		`- git_buf_putc(buf, spec[(*pos)++]);`
	`540`	`+ if (git_buf_putc(buf, spec[(*pos)++]) < 0)`
	`541`	`+ return -1;`
`541`	`542`	`}`
`542`	`543`
`543`	`544`	`(*pos)++;`