Comments (8)
Oh dear I had no idea!
from git2-rs.
Investigating more carefully, it looks like libgit2 might handle the length automatically, at least in `git_index_add`. But it's still not safe to expose path directly, because it must be NUL-terminated.
Yeah this sounds pretty bad all around, and `IndexEntry` may end up just needing a complete overhaul
A related issue I just ran into: if you read an `IndexEntry` using `git2::Index::get_path`, and then add that entry to another index using `git2::Index::add`, that can read off the end of the `.path` field. Whatever safety property `.add` needs, the `IndexEntry` returned by `.get_path` doesn't seem to satisfy.
Oh dear, this appears to be extra bad then! Thanks for the reports!
Ah and I am indeed acrichto on IRC, sorry I missed your ping! I probably won't be able to get around to this until perhaps this weekend at the earliest, but if you want to try to tackle it ahead of time feel free as well!
Ok, can you try giving master a spin? If it works I'll publish a release
@alexcrichton Seems to work; I removed the workarounds I had for NUL handling, and everything seems functional.
I made one comment on the commit, regarding whether `IndexEntry` should have a `Path` instead of a `Vec<u8>` to make it explicit that it shouldn't have NUL handling. Otherwise, this looks good to me.
Ok, thanks for checking!
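
The hazard discussed in this thread (a `Vec<u8>` path handed to C code that expects a NUL-terminated string) can be closed at the FFI boundary by copying the bytes into an owned `CString` first. The following is an added example, not part of the thread and not git2-rs's actual fix; `RawEntry`, `PathError` and `to_c_path` are hypothetical names, and tolerating one trailing NUL is a choice made for this sketch.

```rust
use std::ffi::CString;

/// Hypothetical stand-in for an index entry whose path is raw bytes with
/// no terminator guarantee (the shape discussed in the thread).
pub struct RawEntry {
    pub path: Vec<u8>,
}

/// Why a byte path cannot be passed to a C API that expects a C string.
#[derive(Debug, PartialEq)]
pub enum PathError {
    Empty,
    /// Offset of a NUL that C code would treat as the end of the path.
    InteriorNul(usize),
}

/// Copy the path into an owned, NUL-terminated buffer.
/// One trailing NUL (a caller who terminated by hand) is tolerated; any
/// other NUL is rejected, because C would silently truncate the path there.
pub fn to_c_path(entry: &RawEntry) -> Result<CString, PathError> {
    let raw = entry.path.as_slice();
    let bytes = raw.strip_suffix(&[0u8]).unwrap_or(raw);
    if bytes.is_empty() {
        return Err(PathError::Empty);
    }
    CString::new(bytes).map_err(|e| PathError::InteriorNul(e.nul_position()))
}

fn main() {
    // Constructed sample paths, not taken from the issue.
    let samples: [&[u8]; 4] = [b"src/lib.rs", b"src/lib.rs\0", b"src\0lib.rs", b""];
    for s in samples {
        let entry = RawEntry { path: s.to_vec() };
        match to_c_path(&entry) {
            // as_ptr() on `c` is valid only while `c` is alive, so keep the
            // CString bound to a variable for the duration of the C call.
            Ok(c) => println!("{:?} -> {} bytes incl. NUL", s, c.as_bytes_with_nul().len()),
            Err(e) => println!("{:?} -> rejected: {:?}", s, e),
        }
    }
}
```
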