contrib/checkpatch: avoid command injection in checkpatch.pl script
The capture variables, $1, etc, are not valid unless the match succeeded, and they're not cleared, either. $ git checkout -B C origin/master && \ echo XXXXX > f.txt && \ git add f.txt && \ git commit -m 'this commit does something()' Branch 'C' set up to track remote branch 'master' from 'origin'. Reset branch 'C' Your branch is up to date with 'origin/master'. sh: -c: line 0: syntax error near unexpected token `(' sh: -c: line 0: `git log --abbrev=12 --pretty=format:"%h ('%s')" -1 does something() 2>/dev/null' >>> VALIDATE "a169a98e14 this commit does something()" (commit message):4: Commit 'does something()' does not seem to exist: > Subject: [PATCH] this commit does something() (commit message):4: Refer to the commit id properly: : > Subject: [PATCH] this commit does something() The patch does not validate.
Showing with 11 additions and 5 deletions