summaryrefslogtreecommitdiff
path: root/usr.bin/cvs/rcs.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/cvs/rcs.c')
-rw-r--r--usr.bin/cvs/rcs.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/usr.bin/cvs/rcs.c b/usr.bin/cvs/rcs.c
index dd3eaf0f11f..137773e2eb5 100644
--- a/usr.bin/cvs/rcs.c
+++ b/usr.bin/cvs/rcs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rcs.c,v 1.264 2008/05/17 21:06:44 tobias Exp $ */
+/* $OpenBSD: rcs.c,v 1.265 2008/05/22 07:57:58 joris Exp $ */
/*
* Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org>
* All rights reserved.
@@ -2612,10 +2612,18 @@ rcs_get_revision(const char *revstr, RCSFILE *rfp)
/*
* If it was not a branch, thats ok the symbolic
* name refered to a revision, so return the resolved
- * revision for the given name if it is not newer than HEAD.
- */
+ * revision for the given name. */
if (!RCSNUM_ISBRANCH(rev)) {
- if (rcsnum_cmp(rev, rfp->rf_head, 0) < 0) {
+ /* Sanity check: The first two elements of any
+ * revision (be it on a branch or on trunk) cannot
+ * be greater than HEAD.
+ *
+ * XXX: To avoid comparing to uninitialized memory,
+ * the minimum of both revision lengths is taken
+ * instead of just 2.
+ */
+ if (rcsnum_cmp(rev, rfp->rf_head,
+ MIN(rfp->rf_head->rn_len, rev->rn_len)) < 0) {
rcsnum_free(rev);
return NULL;
}