[PATCH] html.c: avoid out-of-bounds access for url_escape_table

Eric Wong normalperson at yhbt.net
Thu Jul 21 05:24:54 CEST 2011


This fixes a segfault for me with -O2 optimization on x86
with gcc (Debian 4.4.5-8) 4.4.5

I can reliably reproduce it with the following parameters
when pointed to the git.git repository:

PATH_INFO='/git-core.git/diff/'
QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'
---
 html.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/html.c b/html.c
index 24a03a5..5b07aa0 100644
--- a/html.c
+++ b/html.c
@@ -162,7 +162,7 @@ void html_url_path(const char *txt)
 {
 	const char *t = txt;
 	while(t && *t){
-		int c = *t;
+		unsigned char c = *t;
 		const char *e = url_escape_table[c];
 		if (e && c!='+' && c!='&') {
 			html_raw(txt, t - txt);
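Review bot: In html_url_path, the new `unsigned char c = *t;` line carries no comment, and the commit message does not say why the old index went out of bounds. Where plain char is signed (as with gcc on x86), any byte of txt with the high bit set became a negative int and indexed before the start of url_escape_table. A one-line comment here, or an explicit `(unsigned char)*t` cast, would record that intent so the type is not changed back later. The comparisons against '+' and '&' are unaffected by the narrower type.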
@@ -179,7 +179,7 @@ void html_url_arg(const char *txt)
 {
 	const char *t = txt;
 	while(t && *t){
-		int c = *t;
+		unsigned char c = *t;
 		const char *e = url_escape_table[c];
 		if (c == ' ')
 			e = "+";
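Review bot: The `unsigned char c = *t;` fix in html_url_arg duplicates the one in html_url_path, so the conversion now has to be remembered at every site that indexes url_escape_table. Consider moving the lookup into a small helper that takes an unsigned char, and check any other indexing of this table in html.c that the patch does not touch. The declaration of url_escape_table is not visible in this diff; the fix is complete only if the table has an entry for every value 0 to 255, which is worth confirming or stating in the commit message.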
-- 
Eric Wong



