Bug Fixes
-
avoid packetline panic on empty sideband payload
GHSA-2vh6-hw4j-32ww reports that gix-packetline can panic when side-band
progress or error packets contain only the band designator and no payload. The
same unchecked indexing pattern also existed in PacketLineRef::decode_band() for
direct empty side-band data.Git baseline: git.git sideband.c demultiplex_sideband() handles side-band
records by checking the received length before using the band designator,
reports missing designators as protocol errors, and permits progress/error
payload handling without assuming non-empty text.
Commit Statistics
- 5 commits contributed to the release over the course of 20 calendar days.
- 20 days passed between releases.
- 1 commit was understood as conventional.
- 0 issues like '(#ID)' were seen in commit messages