commit 88c260f4a8605679ac53139d0e8f8d7617d68ea9
from: Omar Polo <op@omarpolo.com>
via: Thomas Adam <thomas@xteddy.org>
date: Sat May 14 23:05:46 2022 UTC

got patch: fail when reading empty hunks

commit - 7f20c2a8f882b91c6e5d03ba371595eb0211126b
commit + 88c260f4a8605679ac53139d0e8f8d7617d68ea9
blob - 1bf4c94e8547d98c0baa7a383e7390d4c82e22d8
blob + 86f80b3ecac7e61aabf96d11efa5bafe09c3114d
--- lib/patch.c
+++ lib/patch.c
@@ -212,9 +212,12 @@ recv_patch(struct imsgbuf *ibuf, int *done, struct got
 
 		switch (imsg.hdr.type) {
 		case GOT_IMSG_PATCH_DONE:
+			if (h != NULL && h->len == 0)
+				err = got_error(GOT_ERR_PATCH_MALFORMED);
 			goto done;
 		case GOT_IMSG_PATCH_HUNK:
-			if (h != NULL && (h->old_nonl || h->new_nonl)) {
+			if (h != NULL &&
+			    (h->len == 0 || h->old_nonl || h->new_nonl)) {
 				err = got_error(GOT_ERR_PATCH_MALFORMED);
 				goto done;
 			}
@@ -467,9 +470,6 @@ patch_file(struct got_patch *p, const char *path, FILE
 
 	copypos = 0;
 	STAILQ_FOREACH(h, &p->head, entries) {
-		if (h->lines == NULL)
-			break;
-
 	tryagain:
 		err = locate_hunk(orig, h, &pos, &lineno);
 		if (err != NULL && err->code == GOT_ERR_HUNK_FAILED)
blob - bba6c3881d64774c3fccad8b40763d530931bbdf
blob + 4311a8209bec2cca71eb9926a09a36a884ee5eac
--- libexec/got-read-patch/got-read-patch.c
+++ libexec/got-read-patch/got-read-patch.c
@@ -266,7 +266,8 @@ parse_hdr(char *s, int *done, struct got_imsg_patch_hu
 	if (hdr->oldfrom >= LONG_MAX - hdr->oldlines ||
 	    hdr->newfrom >= LONG_MAX - hdr->newlines ||
 	    /* not so sure about this one */
-	    hdr->oldlines >= LONG_MAX - hdr->newlines - 1)
+	    hdr->oldlines >= LONG_MAX - hdr->newlines - 1 ||
+	    (hdr->oldlines == 0 && hdr->newlines == 0))
 		return got_error(GOT_ERR_PATCH_MALFORMED);
 
 	if (hdr->oldlines == 0) {
blob - b30e9e02052c205e40d442f72d8988369b6eea06
blob + 155c33f0173f68f8c1375feaf38ffc73113b0b7e
--- regress/cmdline/patch.sh
+++ regress/cmdline/patch.sh
@@ -509,6 +509,40 @@ EOF
 @@ -1 +1,2 @@
 +hatsuseno
 alpha
+EOF
+
+	(cd $testroot/wt && got patch patch) \
+		 > $testroot/stdout \
+		2> $testroot/stderr
+	ret=$?
+	if [ $ret -eq 0 ]; then
+		echo "got managed to apply an invalid patch"
+		test_done $testroot 1
+		return 1
+	fi
+
+	cmp -s $testroot/stdout.expected $testroot/stdout
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		diff -u $testroot/stdout.expected $testroot/stdout
+		test_done $testroot $ret
+		return 1
+	fi
+
+	cmp -s $testroot/stderr.expected $testroot/stderr
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		diff -u $testroot/stderr.expected $testroot/stderr
+		test_done $testroot $ret
+		return 1
+	fi
+
+	# empty hunk
+	cat <<EOF > $testroot/wt/patch
+diff --git a/alpha b/iota
+--- a/alpha
++++ b/iota
+@@ -0,0 +0,0 @@
 EOF
 
 	(cd $testroot/wt && got patch patch) \