fast-import: fix read of uninitialized argv memory

Fast-import shares code between its command-line parser and
the "option" command. To do so, it strips the "--" from any
command-line options and passes them to the option parser.
However, it does not confirm that the option even begins
with "--" before blindly passing "arg + 2".

It does confirm that the option starts with "-", so the only
affected case was:

  git fast-import -

which would read uninitialized memory after the argument. We
can fix it by using skip_prefix and checking the result. As
a bonus, this gets rid of some magic numbers.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/fast-import.c b/fast-import.c
index 6707a66471f2038a0c826c840a201a7362de95ed..b2030ccfb4d348a189b66868146a32d6cf99fed6 100644 (file)
--- a/fast-import.c
+++ b/fast-import.c
@@ -3342,18 +3342,21 @@ static void parse_argv(void)
                if (*a != '-' || !strcmp(a, "--"))
                        break;
 
-               if (parse_one_option(a + 2))
+               if (!skip_prefix(a, "--", &a))
+                       die("unknown option %s", a);
+
+               if (parse_one_option(a))
                        continue;
 
-               if (parse_one_feature(a + 2, 0))
+               if (parse_one_feature(a, 0))
                        continue;
 
-               if (starts_with(a + 2, "cat-blob-fd=")) {
-                       option_cat_blob_fd(a + 2 + strlen("cat-blob-fd="));
+               if (skip_prefix(a, "cat-blob-fd=", &a)) {
+                       option_cat_blob_fd(a);
                        continue;
                }
 
-               die("unknown option %s", a);
+               die("unknown option --%s", a);
        }
        if (i != global_argc)
                usage(fast_import_usage);