xdiff: clamp function context indices in post-image

peff · gitster · commit b777f3fd619a · 2019-07-23T14:26:13.000-07:00
After finding a function line for --function-context in the pre-image,
xdl_emit_diff() calculates the equivalent line in the post-image.  It
assumes that the lines between changes are the same on both sides.  If
the option --ignore-blank-lines was also given then this is not
necessarily true.

Clamp the calculation results for start and end of the function context
to prevent out-of-bounds array accesses.

Note that this _just_ fixes the case where our mismatch sends us off the
beginning of the file. There are likely other cases where our assumption
causes us to go to the wrong line within the file. Nobody has developed
a test case yet, and the ultimate fix is likely more complicated than
this patch. But this at least prevents a segfault in the meantime.

Credit for finding the bug goes to "Liu Wei of Tencent Security Xuanwu
Lab".

Reported-by: 刘炜 &lt;lw17qhdz@gmail.com&gt;
Helped-by: René Scharfe &lt;l.s.r@web.de&gt;
Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/t/t4015-diff-whitespace.sh b/t/t4015-diff-whitespace.sh
@@ -1897,4 +1897,26 @@ test_expect_success 'compare whitespace delta incompatible with other space opti
 	test_i18ngrep allow-indentation-change err
 '
 
+# Note that the "6" in the expected hunk header below is funny, since we only
+# show 5 lines (the missing one was blank and thus ignored). This is how
+# --ignore-blank-lines behaves even without --function-context, and this test
+# is just checking the interaction of the two features. Don't take it as an
+# endorsement of that output.
+test_expect_success 'combine --ignore-blank-lines with --function-context' '
+	test_write_lines 1 "" 2 3 4 5 >a &&
+	test_write_lines 1    2 3 4   >b &&
+	test_must_fail git diff --no-index \
+		--ignore-blank-lines --function-context a b >actual.raw &&
+	sed -n "/@@/,\$p" <actual.raw >actual &&
+	cat <<-\EOF >expect &&
+	@@ -1,6 +1,4 @@
+	 1
+	 2
+	 3
+	 4
+	-5
+	EOF
+	test_cmp expect actual
+'
+
 test_done
diff --git a/xdiff/xemit.c b/xdiff/xemit.c
@@ -210,7 +210,7 @@ int xdl_emit_diff(xdfenv_t *xe, xdchange_t *xscr, xdemitcb_t *ecb,
 			if (fs1 < 0)
 				fs1 = 0;
 			if (fs1 < s1) {
-				s2 -= s1 - fs1;
+				s2 = XDL_MAX(s2 - (s1 - fs1), 0);
 				s1 = fs1;
 			}
 		}
@@ -232,7 +232,7 @@ int xdl_emit_diff(xdfenv_t *xe, xdchange_t *xscr, xdemitcb_t *ecb,
 			if (fe1 < 0)
 				fe1 = xe->xdf1.nrec;
 			if (fe1 > e1) {
-				e2 += fe1 - e1;
+				e2 = XDL_MIN(e2 + (fe1 - e1), xe->xdf2.nrec);
 				e1 = fe1;
 			}
 

Original file line number	Diff line number	Diff line change
`@@ -210,7 +210,7 @@ int xdl_emit_diff(xdfenv_t xe, xdchange_t xscr, xdemitcb_t *ecb,`
`210`	`210`	`if (fs1 < 0)`
`211`	`211`	`fs1 = 0;`
`212`	`212`	`if (fs1 < s1) {`
`213`		`- s2 -= s1 - fs1;`
	`213`	`+ s2 = XDL_MAX(s2 - (s1 - fs1), 0);`
`214`	`214`	`s1 = fs1;`
`215`	`215`	`}`
`216`	`216`	`}`
`@@ -232,7 +232,7 @@ int xdl_emit_diff(xdfenv_t xe, xdchange_t xscr, xdemitcb_t *ecb,`
`232`	`232`	`if (fe1 < 0)`
`233`	`233`	`fe1 = xe->xdf1.nrec;`
`234`	`234`	`if (fe1 > e1) {`
`235`		`- e2 += fe1 - e1;`
	`235`	`+ e2 = XDL_MIN(e2 + (fe1 - e1), xe->xdf2.nrec);`
`236`	`236`	`e1 = fe1;`
`237`	`237`	`}`
`238`	`238`