mingw: fix possible buffer overrun when calling `GetUserNameW()`
authorJohannes Schindelin <johannes.schindelin@gmx.de>
Thu, 4 Jul 2019 22:36:57 +0000 (15:36 -0700)
committerJunio C Hamano <gitster@pobox.com>
Mon, 8 Jul 2019 19:09:12 +0000 (12:09 -0700)
In 39a98e9b68b8 (mingw: get pw_name in UTF-8 format, 2019-06-27), this
developer missed the fact that the `GetUserNameW()` function takes the
number of characters as `len` parameter, not the number of bytes.

Reported-by: Beat Bolli <dev+git@drbeat.li>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
compat/mingw.c

index b8a62bf..a0eb695 100644 (file)
@@ -1952,7 +1952,7 @@ struct passwd *getpwuid(int uid)
        if (initialized)
                return p;
 
-       len = sizeof(buf);
+       len = ARRAY_SIZE(buf);
        if (!GetUserNameW(buf, &len)) {
                initialized = 1;
                return NULL;