On Sat, Mar 08, 2014 at 06:35:01PM +0000, John Keeping wrote: > When commit a88c915 (mv: move submodules using a gitfile, 2013-07-30) > added the submodule_gitfile array, it was not added to the block that > enlarges the arrays when we are moving a directory so that we do not > have to worry about it being a directory when we perform the actual > move. After this, the loop continues over the enlarged set of sources. > > Since we assume that submodule_gitfile has size argc, if any of the > items in the source directory are submodules we are guaranteed to write > beyond the end of submodule_gitfile. > > Fix this by realloc'ing submodule_gitfile at the same time as the other > arrays. > > Reported-by: Guillaume Gelin > Signed-off-by: John Keeping > --- > On Sat, Mar 08, 2014 at 06:12:18PM +0000, John Keeping wrote: > > This fixes it for me: > > Here it is as a proper patch. > > builtin/mv.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/builtin/mv.c b/builtin/mv.c > index 21c46d1..f99c91e 100644 > --- a/builtin/mv.c > +++ b/builtin/mv.c > @@ -179,6 +179,9 @@ int cmd_mv(int argc, const char **argv, const char *prefix) > modes = xrealloc(modes, > (argc + last - first) > * sizeof(enum update_mode)); > + submodule_gitfile = xrealloc(submodule_gitfile, > + (argc + last - first) > + * sizeof(char *)); > } > > dst = add_slash(dst); Yup, that's the same conclusion I came to. There are also two cases where we don't shrink the array properly. I'll rebase my patch on top of this one and send it. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
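Review bot: In the `@@ -179,6 +179,9 @@` hunk, the added `xrealloc` grows `submodule_gitfile` to `argc + last - first` entries but leaves the new entries uninitialized, and nothing in the hunk sets them. Since the commit message says the loop continues over the enlarged set of sources, either zero the range from the old `argc` up to the new size right after the realloc, or confirm that every added entry is assigned before it is read. The diffstat shows only builtin/mv.c changed, so a test that moves a directory containing a submodule would keep this from regressing. Minor: `sizeof(*submodule_gitfile)` would follow the element type if it ever changes, and the `argc + last - first` expression now appears once per array and could be computed once.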
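The failure mode the commit message describes, modelled as an added example (not code from git or from this thread). The struct, function names and sizes are hypothetical, and the model records each array's capacity so the size mismatch is detected rather than written through.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of arrays that share one index i (not git's code). */
struct moves {
    const char **src;     size_t src_cap;
    int *modes;           size_t modes_cap;
    const char **gitfile; size_t gitfile_cap; /* array added by a later change */
};

/* Resize to n elements, zero the added tail, abort on failure. */
static void *xgrow(void *p, size_t *cap, size_t n, size_t elem)
{
    char *q;
    if (n == 0 || n > SIZE_MAX / elem) abort(); /* n * elem would overflow */
    q = realloc(p, n * elem);
    if (!q) abort();
    if (n > *cap) memset(q + *cap * elem, 0, (n - *cap) * elem);
    *cap = n;
    return q;
}

/* "Before": the later-added array is missed when the others are enlarged. */
static void enlarge_before(struct moves *m, size_t n)
{
    m->src = xgrow(m->src, &m->src_cap, n, sizeof(*m->src));
    m->modes = xgrow(m->modes, &m->modes_cap, n, sizeof(*m->modes));
}

/* "After": every array indexed by i is enlarged in the same place. */
static void enlarge_after(struct moves *m, size_t n)
{
    enlarge_before(m, n);
    m->gitfile = xgrow(m->gitfile, &m->gitfile_cap, n, sizeof(*m->gitfile));
}

/* Constructed case: 2 arguments, one a directory that adds 3 entries.
 * Returns 0 if gitfile[4] is in bounds and zeroed, -1 if it is past the end. */
static int demo(int fixed)
{
    struct moves m = {0};
    int rc;
    enlarge_after(&m, 2); /* all arrays start at argc entries */
    if (fixed) enlarge_after(&m, 5); else enlarge_before(&m, 5);
    rc = (m.gitfile_cap > 4 && m.gitfile[4] == NULL) ? 0 : -1;
    free(m.src); free(m.modes); free(m.gitfile);
    return rc;
}
```

Routing every array through one enlarge function is what keeps a later-added array from being forgotten.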