)]}'
{
  "commit": "5feb8cdb6ff497e45cda73839dacafc240bf83bb",
  "tree": "fd3c99ccf093d56e957068e763d9c83d774ca2c7",
  "parents": [
    "b822ce85aaed8c6dfa8f5e1e2354db5c9db50509"
  ],
  "author": {
    "name": "Xiang Wang",
    "email": "merle@hardenedlinux.org",
    "time": "Wed Jan 20 17:31:19 2021 +0800"
  },
  "committer": {
    "name": "Felix Singer",
    "email": "felixsinger@posteo.net",
    "time": "Thu Sep 29 17:05:38 2022 +0000"
  },
  "message": "helpers.c: Fix undefined behavior in strndup()\n\nUsing strlen() or strdup() inside strndup() is problematic: if the\ninput string is not null-terminated, these functions can read past the\nend of the buffer, which triggers undefined behavior. Rewrite the\nfunction to never read past the provided `maxlen` bound.\n\nChange-Id: Id34127024085879228626fbad59af03268ec5255\nSigned-off-by: Xiang Wang \u003cmerle@hardenedliux.org\u003e\nReviewed-on: https://review.coreboot.org/c/flashrom/+/49741\nReviewed-by: Angel Pons \u003cth3fanbus@gmail.com\u003e\nReviewed-by: Edward O\u0027Callaghan \u003cquasisec@chromium.org\u003e\nTested-by: build bot (Jenkins) \u003cno-reply@coreboot.org\u003e\nReviewed-on: https://review.coreboot.org/c/flashrom/+/67870\nReviewed-by: Felix Singer \u003cfelixsinger@posteo.net\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "c83cd2cb024ac55a46fb08a5b90012aec6194e9c",
      "old_mode": 33188,
      "old_path": "helpers.c",
      "new_id": "289848d7d6cdd3b64eaff5d130145c96472537d2",
      "new_mode": 33188,
      "new_path": "helpers.c"
    }
  ]
}