X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=hex.c;h=9ebc050637532765b775cbd8e3b92951a67ea333;hb=7bb2bf8e5cc47f7731c9c012ecc943b14f99ee5a;hp=bb402fbaa2a04ef0849789fdd814dcbb8773fff5;hpb=5590fe762ff9d68f6968d80979e446576e61e2e1;p=~andy%2Fgit

diff --git a/hex.c b/hex.c
index bb402fbaa..9ebc05063 100644
--- a/hex.c
+++ b/hex.c
@@ -39,7 +39,15 @@ int get_sha1_hex(const char *hex, unsigned char *sha1)
 {
 	int i;
 	for (i = 0; i < 20; i++) {
-		unsigned int val = (hexval(hex[0]) << 4) | hexval(hex[1]);
+		unsigned int val;
+		/*
+		 * hex[1]=='\0' is caught when val is checked below,
+		 * but if hex[0] is NUL we have to avoid reading
+		 * past the end of the string:
+		 */
+		if (!hex[0])
+			return -1;
+		val = (hexval(hex[0]) << 4) | hexval(hex[1]);
 		if (val & ~0xff)
 			return -1;
 		*sha1++ = val;