blame: don't overflow time buffer
When showing the raw timestamp, we format the numeric seconds-since-epoch into a buffer, followed by the timezone string. This string has come straight from the commit object. A well-formed object should have a timezone string of only a few bytes, but we could be operating on data pushed by a malicious user. Signed-off-by: NJeff King <peff@peff.net> Signed-off-by: NJunio C Hamano <gitster@pobox.com>
Showing
想要评论请 注册 或 登录