diff options
| author | Junio C Hamano <gitster@pobox.com> | 2010-02-10 21:02:16 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2010-02-10 21:02:16 (GMT) |
| commit | c329898abb167f05e37f3d0305e833127a26a4d0 (patch) | |
| tree | a1011f24c17d6eec6edb52702f5803db5eee5d6f | |
| parent | b0e67fffb42059cc5dca6f58c376a2ffc5fb4520 (diff) | |
| parent | 4ab07e4d1076a1b94b91d58913daeb20eb1c0e2d (diff) | |
| download | git-c329898abb167f05e37f3d0305e833127a26a4d0.zip git-c329898abb167f05e37f3d0305e833127a26a4d0.tar.gz git-c329898abb167f05e37f3d0305e833127a26a4d0.tar.bz2 | |
Merge branch 'il/maint-xmallocz' into maint
* il/maint-xmallocz:
Fix integer overflow in unpack_compressed_entry()
Fix integer overflow in unpack_sha1_rest()
Fix integer overflow in patch_delta()
Add xmallocz()
| -rw-r--r-- | git-compat-util.h | 1 | ||||
| -rw-r--r-- | patch-delta.c | 3 | ||||
| -rw-r--r-- | sha1_file.c | 6 | ||||
| -rw-r--r-- | wrapper.c | 15 |
4 files changed, 15 insertions, 10 deletions
diff --git a/git-compat-util.h b/git-compat-util.h index a979e41..812f55a 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -345,6 +345,7 @@ extern void release_pack_memory(size_t, int); extern char *xstrdup(const char *str); extern void *xmalloc(size_t size); +extern void *xmallocz(size_t size); extern void *xmemdupz(const void *data, size_t len); extern char *xstrndup(const char *str, size_t len); extern void *xrealloc(void *ptr, size_t size); diff --git a/patch-delta.c b/patch-delta.c index e02e13b..d218faa 100644 --- a/patch-delta.c +++ b/patch-delta.c @@ -33,8 +33,7 @@ void *patch_delta(const void *src_buf, unsigned long src_size, /* now the result size */ size = get_delta_hdr_size(&data, top); - dst_buf = xmalloc(size + 1); - dst_buf[size] = 0; + dst_buf = xmallocz(size); out = dst_buf; while (data < top) { diff --git a/sha1_file.c b/sha1_file.c index 63981fb..23d347c 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -1232,7 +1232,7 @@ static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned lon static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1) { int bytes = strlen(buffer) + 1; - unsigned char *buf = xmalloc(1+size); + unsigned char *buf = xmallocz(size); unsigned long n; int status = Z_OK; @@ -1260,7 +1260,6 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size while (status == Z_OK) status = git_inflate(stream, Z_FINISH); } - buf[size] = 0; if (status == Z_STREAM_END && !stream->avail_in) { git_inflate_end(stream); return buf; @@ -1583,8 +1582,7 @@ static void *unpack_compressed_entry(struct packed_git *p, z_stream stream; unsigned char *buffer, *in; - buffer = xmalloc(size + 1); - buffer[size] = 0; + buffer = xmallocz(size); memset(&stream, 0, sizeof(stream)); stream.next_out = buffer; stream.avail_out = size + 1; @@ -34,6 +34,16 @@ void *xmalloc(size_t size) return ret; } +void *xmallocz(size_t size) +{ + void *ret; + if (size + 1 < size) + die("Data too large to fit into virtual memory space."); + ret = xmalloc(size + 1); + ((char*)ret)[size] = 0; + return ret; +} + /* * xmemdupz() allocates (len + 1) bytes of memory, duplicates "len" bytes of * "data" to the allocated memory, zero terminates the allocated memory, @@ -42,10 +52,7 @@ void *xmalloc(size_t size) */ void *xmemdupz(const void *data, size_t len) { - char *p = xmalloc(len + 1); - memcpy(p, data, len); - p[len] = '\0'; - return p; + return memcpy(xmallocz(len), data, len); } char *xstrndup(const char *str, size_t len) |