From a1f6c4b762b5a10ee6cd7228e082d55578514d5a Mon Sep 17 00:00:00 2001 From: Joris Vink Date: Thu, 22 May 2008 07:57:59 +0000 Subject: fix updating to tags pointing at branch revisions; from Neels Janosch Hofmeyr and Stefan Sperling --- usr.bin/cvs/rcs.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'usr.bin') diff --git a/usr.bin/cvs/rcs.c b/usr.bin/cvs/rcs.c index dd3eaf0f11f..137773e2eb5 100644 --- a/usr.bin/cvs/rcs.c +++ b/usr.bin/cvs/rcs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rcs.c,v 1.264 2008/05/17 21:06:44 tobias Exp $ */ +/* $OpenBSD: rcs.c,v 1.265 2008/05/22 07:57:58 joris Exp $ */ /* * Copyright (c) 2004 Jean-Francois Brousseau * All rights reserved. @@ -2612,10 +2612,18 @@ rcs_get_revision(const char *revstr, RCSFILE *rfp) /* * If it was not a branch, thats ok the symbolic * name refered to a revision, so return the resolved - * revision for the given name if it is not newer than HEAD. - */ + * revision for the given name. */ if (!RCSNUM_ISBRANCH(rev)) { - if (rcsnum_cmp(rev, rfp->rf_head, 0) < 0) { + /* Sanity check: The first two elements of any + * revision (be it on a branch or on trunk) cannot + * be greater than HEAD. + * + * XXX: To avoid comparing to uninitialized memory, + * the minimum of both revision lengths is taken + * instead of just 2. + */ + if (rcsnum_cmp(rev, rfp->rf_head, + MIN(rfp->rf_head->rn_len, rev->rn_len)) < 0) { rcsnum_free(rev); return NULL; } -- cgit v1.2.3