receive-pack: do not overallocate command structure

gitster · gitster · commit 3bfcb95fa84d · 2014-09-15T13:23:18.000-07:00
An "update" command in the protocol exchange consists of 40-hex old
object name, SP, 40-hex new object name, SP, and a refname, but the
first instance is further followed by a NUL with feature requests.

The command structure, which has a flex-array member that stores the
refname at the end, was allocated based on the whole length of the
update command, without excluding the trailing feature requests.

Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
@@ -872,10 +872,11 @@ static struct command *read_head_info(struct sha1_array *shallow)
 			if (parse_feature_request(feature_list, "quiet"))
 				quiet = 1;
 		}
-		cmd = xcalloc(1, sizeof(struct command) + len - 80);
+		cmd = xcalloc(1, sizeof(struct command) + reflen + 1);
 		hashcpy(cmd->old_sha1, old_sha1);
 		hashcpy(cmd->new_sha1, new_sha1);
-		memcpy(cmd->ref_name, line + 82, len - 81);
+		memcpy(cmd->ref_name, refname, reflen);
+		cmd->ref_name[reflen] = '\0';
 		*p = cmd;
 		p = &cmd->next;
 	}

Original file line number	Diff line number	Diff line change
`@@ -872,10 +872,11 @@ static struct command read_head_info(struct sha1_array shallow)`
`872`	`872`	`if (parse_feature_request(feature_list, "quiet"))`
`873`	`873`	`quiet = 1;`
`874`	`874`	`}`
`875`		`- cmd = xcalloc(1, sizeof(struct command) + len - 80);`
	`875`	`+ cmd = xcalloc(1, sizeof(struct command) + reflen + 1);`
`876`	`876`	`hashcpy(cmd->old_sha1, old_sha1);`
`877`	`877`	`hashcpy(cmd->new_sha1, new_sha1);`
`878`		`- memcpy(cmd->ref_name, line + 82, len - 81);`
	`878`	`+ memcpy(cmd->ref_name, refname, reflen);`
	`879`	`+ cmd->ref_name[reflen] = '\0';`
`879`	`880`	`*p = cmd;`
`880`	`881`	`p = &cmd->next;`
`881`	`882`	`}`