Merge branch 'tb/cap-patch-at-1gb'

"git apply" limits its input to a bit less than 1 GiB. * tb/cap-patch-at-1gb: apply: reject patches larger than ~1 GiB
author: Taylor Blau <me@ttaylorr.com> 2022-10-31 01:04:43 (GMT)
committer: Taylor Blau <me@ttaylorr.com> 2022-10-31 01:04:43 (GMT)
commit: c41ec63ef5e68b4e5d2896390948223f5793c4e9 (patch)
tree: 7959367edf8d1c703f005b3f51e841ff7386537b /apply.c
parent: c7ccd4eae92a551f5237fc04e2997274d543ec5b (diff)
parent: f1c0e3946e0bdec16d6440fb7e52edbe78cf12b3 (diff)
download: git-c41ec63ef5e68b4e5d2896390948223f5793c4e9.zip
git-c41ec63ef5e68b4e5d2896390948223f5793c4e9.tar.gz
git-c41ec63ef5e68b4e5d2896390948223f5793c4e9.tar.bz2
1 files changed, 11 insertions, 1 deletions
diff --git a/apply.c b/apply.c
index 6b4dbe0..bc33814 100644
--- a/apply.c
+++ b/apply.c
@@ -386,9 +386,19 @@ static void say_patch_name(FILE *output, const char *fmt, struct patch *patch)
 
 #define SLOP (16)
 
+/*
+ * apply.c isn't equipped to handle arbitrarily large patches, because
+ * it intermingles `unsigned long` with `int` for the type used to store
+ * buffer lengths.
+ *
+ * Only process patches that are just shy of 1 GiB large in order to
+ * avoid any truncation or overflow issues.
+ */
+#define MAX_APPLY_SIZE (1024UL * 1024 * 1023)
+
 static int read_patch_file(struct strbuf *sb, int fd)
 {
-	if (strbuf_read(sb, fd, 0) < 0)
+	if (strbuf_read(sb, fd, 0) < 0 || sb->len >= MAX_APPLY_SIZE)
 		return error_errno("git apply: failed to read");
 
 	/*
author	Taylor Blau <me@ttaylorr.com>	2022-10-31 01:04:43 (GMT)
committer	Taylor Blau <me@ttaylorr.com>	2022-10-31 01:04:43 (GMT)
commit	c41ec63ef5e68b4e5d2896390948223f5793c4e9 (patch)
tree	7959367edf8d1c703f005b3f51e841ff7386537b /apply.c
parent	c7ccd4eae92a551f5237fc04e2997274d543ec5b (diff)
parent	f1c0e3946e0bdec16d6440fb7e52edbe78cf12b3 (diff)
download	git-c41ec63ef5e68b4e5d2896390948223f5793c4e9.zip git-c41ec63ef5e68b4e5d2896390948223f5793c4e9.tar.gz git-c41ec63ef5e68b4e5d2896390948223f5793c4e9.tar.bz2