summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2010-01-27 22:56:38 (GMT)
committerJunio C Hamano <gitster@pobox.com>2010-01-27 22:56:38 (GMT)
commita0075d9e6ae211e8bde3eb40c8cdebb1772ee680 (patch)
treeb29228a2bb894edd907b319b23c77025b5f9e407
parentf1694b62bb3a3e1766b92d64a38f61524cc730a0 (diff)
parent4ab07e4d1076a1b94b91d58913daeb20eb1c0e2d (diff)
downloadgit-a0075d9e6ae211e8bde3eb40c8cdebb1772ee680.zip
git-a0075d9e6ae211e8bde3eb40c8cdebb1772ee680.tar.gz
git-a0075d9e6ae211e8bde3eb40c8cdebb1772ee680.tar.bz2
Merge branch 'il/maint-xmallocz'
* il/maint-xmallocz: Fix integer overflow in unpack_compressed_entry() Fix integer overflow in unpack_sha1_rest() Fix integer overflow in patch_delta() Add xmallocz()
-rw-r--r--git-compat-util.h1
-rw-r--r--patch-delta.c3
-rw-r--r--sha1_file.c6
-rw-r--r--wrapper.c15
4 files changed, 15 insertions, 10 deletions
diff --git a/git-compat-util.h b/git-compat-util.h
index 620a7c6..a3c4537 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -348,6 +348,7 @@ extern void release_pack_memory(size_t, int);
extern char *xstrdup(const char *str);
extern void *xmalloc(size_t size);
+extern void *xmallocz(size_t size);
extern void *xmemdupz(const void *data, size_t len);
extern char *xstrndup(const char *str, size_t len);
extern void *xrealloc(void *ptr, size_t size);
diff --git a/patch-delta.c b/patch-delta.c
index e02e13b..d218faa 100644
--- a/patch-delta.c
+++ b/patch-delta.c
@@ -33,8 +33,7 @@ void *patch_delta(const void *src_buf, unsigned long src_size,
/* now the result size */
size = get_delta_hdr_size(&data, top);
- dst_buf = xmalloc(size + 1);
- dst_buf[size] = 0;
+ dst_buf = xmallocz(size);
out = dst_buf;
while (data < top) {
diff --git a/sha1_file.c b/sha1_file.c
index 12478a3..657825e 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1166,7 +1166,7 @@ static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned lon
static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
{
int bytes = strlen(buffer) + 1;
- unsigned char *buf = xmalloc(1+size);
+ unsigned char *buf = xmallocz(size);
unsigned long n;
int status = Z_OK;
@@ -1194,7 +1194,6 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size
while (status == Z_OK)
status = git_inflate(stream, Z_FINISH);
}
- buf[size] = 0;
if (status == Z_STREAM_END && !stream->avail_in) {
git_inflate_end(stream);
return buf;
@@ -1517,8 +1516,7 @@ static void *unpack_compressed_entry(struct packed_git *p,
z_stream stream;
unsigned char *buffer, *in;
- buffer = xmalloc(size + 1);
- buffer[size] = 0;
+ buffer = xmallocz(size);
memset(&stream, 0, sizeof(stream));
stream.next_out = buffer;
stream.avail_out = size + 1;
diff --git a/wrapper.c b/wrapper.c
index c9be140..0e3e20a 100644
--- a/wrapper.c
+++ b/wrapper.c
@@ -34,6 +34,16 @@ void *xmalloc(size_t size)
return ret;
}
+void *xmallocz(size_t size)
+{
+ void *ret;
+ if (size + 1 < size)
+ die("Data too large to fit into virtual memory space.");
+ ret = xmalloc(size + 1);
+ ((char*)ret)[size] = 0;
+ return ret;
+}
+
/*
* xmemdupz() allocates (len + 1) bytes of memory, duplicates "len" bytes of
* "data" to the allocated memory, zero terminates the allocated memory,
@@ -42,10 +52,7 @@ void *xmalloc(size_t size)
*/
void *xmemdupz(const void *data, size_t len)
{
- char *p = xmalloc(len + 1);
- memcpy(p, data, len);
- p[len] = '\0';
- return p;
+ return memcpy(xmallocz(len), data, len);
}
char *xstrndup(const char *str, size_t len)