From 89ccc1b09cf4004e6129c66def42b47206ed6b5f Mon Sep 17 00:00:00 2001 From: John Keeping Date: Sat, 8 Mar 2014 19:29:17 +0000 Subject: [PATCH 1/2] builtin/mv: fix out of bounds write When commit a88c915 (mv: move submodules using a gitfile, 2013-07-30) added the submodule_gitfile array, it was not added to the block that enlarges the arrays when we are moving a directory so that we do not have to worry about it being a directory when we perform the actual move. After this, the loop continues over the enlarged set of sources. Since we assume that submodule_gitfile has size argc, if any of the items in the source directory are submodules we are guaranteed to write beyond the end of submodule_gitfile. Fix this by realloc'ing submodule_gitfile at the same time as the other arrays. Reported-by: Guillaume Gelin Signed-off-by: John Keeping Signed-off-by: Junio C Hamano --- builtin/mv.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/builtin/mv.c b/builtin/mv.c index 21c46d1636..5258077224 100644 --- a/builtin/mv.c +++ b/builtin/mv.c @@ -179,6 +179,9 @@ int cmd_mv(int argc, const char **argv, const char *prefix) modes = xrealloc(modes, (argc + last - first) * sizeof(enum update_mode)); + submodule_gitfile = xrealloc(submodule_gitfile, + (argc + last - first) + * sizeof(char *)); } dst = add_slash(dst); @@ -192,6 +195,7 @@ int cmd_mv(int argc, const char **argv, const char *prefix) prefix_path(dst, dst_len, path + length + 1); modes[argc + j] = INDEX; + submodule_gitfile[argc + j] = NULL; } argc += last - first; } From fb8a4e8079ab8fc37e9cde32957c35637280ab8f Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Sat, 15 Mar 2014 18:56:52 +0000 Subject: [PATCH 2/2] mv: prevent mismatched data when ignoring errors. We shrink the source and destination arrays, but not the modes or submodule_gitfile arrays, resulting in potentially mismatched data. Shrink all the arrays at the same time to prevent this. Add tests to ensure the problem does not recur. Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano --- builtin/mv.c | 5 +++++ t/t7001-mv.sh | 13 ++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/builtin/mv.c b/builtin/mv.c index 5258077224..45e57f307b 100644 --- a/builtin/mv.c +++ b/builtin/mv.c @@ -231,6 +231,11 @@ int cmd_mv(int argc, const char **argv, const char *prefix) memmove(destination + i, destination + i + 1, (argc - i) * sizeof(char *)); + memmove(modes + i, modes + i + 1, + (argc - i) * sizeof(enum update_mode)); + memmove(submodule_gitfile + i, + submodule_gitfile + i + 1, + (argc - i) * sizeof(char *)); i--; } } else diff --git a/t/t7001-mv.sh b/t/t7001-mv.sh index 3bfdfed1f7..4023b6ec48 100755 --- a/t/t7001-mv.sh +++ b/t/t7001-mv.sh @@ -294,7 +294,8 @@ test_expect_success 'setup submodule' ' git submodule add ./. sub && echo content >file && git add file && - git commit -m "added sub and file" + git commit -m "added sub and file" && + git branch submodule ' test_expect_success 'git mv cannot move a submodule in a file' ' @@ -442,4 +443,14 @@ test_expect_success 'mv --dry-run does not touch the submodule or .gitmodules' ' git diff-files --quiet -- sub .gitmodules ' +test_expect_success 'mv -k does not accidentally destroy submodules' ' + git checkout submodule && + mkdir dummy dest && + git mv -k dummy sub dest && + git status --porcelain >actual && + grep "^R sub -> dest/sub" actual && + git reset --hard && + git checkout . +' + test_done