From 2364735c8fc08615fd868244e9e00143c70c0c22 Mon Sep 17 00:00:00 2001
From: Philip Kelley <phkelley@hotmail.com>
Date: Fri, 9 Nov 2012 15:39:10 -0500
Subject: [PATCH 1/3] Fix implementation of strndup to not overrun

---
 src/util.h | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/util.h b/src/util.h
index 4f83d3bc1..3d00e9c85 100644
--- a/src/util.h
+++ b/src/util.h
@@ -42,12 +42,11 @@ GIT_INLINE(char *) git__strdup(const char *str)
 
 GIT_INLINE(char *) git__strndup(const char *str, size_t n)
 {
-	size_t length;
+	size_t length = 0;
 	char *ptr;
 
-	length = strlen(str);
-	if (n < length)
-		length = n;
+	while (length < n && str[length])
+		++length;
 
 	ptr = (char*)malloc(length + 1);
 	if (!ptr) {
@@ -55,7 +54,9 @@ GIT_INLINE(char *) git__strndup(const char *str, size_t n)
 		return NULL;
 	}
 
-	memcpy(ptr, str, length);
+	if (length)
+		memcpy(ptr, str, length);
+
 	ptr[length] = '\0';
 
 	return ptr;

From 2f683f00971239007e1d602ec1a71a1eb10f4f5e Mon Sep 17 00:00:00 2001
From: Philip Kelley <phkelley@hotmail.com>
Date: Fri, 9 Nov 2012 15:39:25 -0500
Subject: [PATCH 2/3] Fix uninitialized memory in winhttp subtransport on
 64-bit

---
 src/transports/winhttp.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/transports/winhttp.c b/src/transports/winhttp.c
index 44617f389..df6cd87ec 100644
--- a/src/transports/winhttp.c
+++ b/src/transports/winhttp.c
@@ -278,6 +278,7 @@ static int winhttp_stream_read(
 {
 	winhttp_stream *s = (winhttp_stream *)stream;
 	winhttp_subtransport *t = OWNING_SUBTRANSPORT(s);
+	DWORD dw_bytes_read;
 
 replay:
 	/* Connect if necessary */
@@ -376,12 +377,14 @@ replay:
 	if (!WinHttpReadData(s->request,
 		(LPVOID)buffer,
 		buf_size,
-		(LPDWORD)bytes_read))
+		&dw_bytes_read))
 	{
 		giterr_set(GITERR_OS, "Failed to read data");
 		return -1;
 	}
 
+	*bytes_read = dw_bytes_read;
+
 	return 0;
 }
 

From fcd03bebbfda5cfc76604645edd85fe030349a1b Mon Sep 17 00:00:00 2001
From: Philip Kelley <phkelley@hotmail.com>
Date: Fri, 9 Nov 2012 15:57:32 -0500
Subject: [PATCH 3/3] Fix a mutex/critical section leak

---
 src/cache.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/cache.c b/src/cache.c
index 1f5b8872c..edd3a47dd 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -41,6 +41,7 @@ void git_cache_free(git_cache *cache)
 			git_cached_obj_decref(cache->nodes[i], cache->free_obj);
 	}
 
+	git_mutex_free(&cache->lock);
 	git__free(cache->nodes);
 }