summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJunio C Hamano <junkio@cox.net>2006-04-18 00:46:07 (GMT)
committerJunio C Hamano <junkio@cox.net>2006-04-18 00:46:07 (GMT)
commit2855d58079cd56361879cc03f7c769409bb445e5 (patch)
tree6d9805126c9f471468a3599493744db6b04f9834
parentbb996614de4fddfa73286479f3c6a901107a2629 (diff)
downloadgit-2855d58079cd56361879cc03f7c769409bb445e5.zip
git-2855d58079cd56361879cc03f7c769409bb445e5.tar.gz
git-2855d58079cd56361879cc03f7c769409bb445e5.tar.bz2
packed_object_info_detail(): check for corrupt packfile.
Serge E. Hallyn noticed that we compute how many input bytes are still left, but did not use it for sanity checking. Signed-off-by: Junio C Hamano <junkio@cox.net>
-rw-r--r--sha1_file.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/sha1_file.c b/sha1_file.c
index e3d0113..f2d33af 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -874,17 +874,19 @@ void packed_object_info_detail(struct pack_entry *e,
unsigned char *base_sha1)
{
struct packed_git *p = e->p;
- unsigned long offset, left;
+ unsigned long offset;
unsigned char *pack;
enum object_type kind;
offset = unpack_object_header(p, e->offset, &kind, size);
pack = p->pack_base + offset;
- left = p->pack_size - offset;
if (kind != OBJ_DELTA)
*delta_chain_length = 0;
else {
unsigned int chain_length = 0;
+ if (p->pack_size <= offset + 20)
+ die("pack file %s records an incomplete delta base",
+ p->pack_name);
memcpy(base_sha1, pack, 20);
do {
struct pack_entry base_ent;