author | Taylor Blau <me@ttaylorr.com> | 2022-10-31 01:04:43 (GMT) |
---|---|---|
committer | Taylor Blau <me@ttaylorr.com> | 2022-10-31 01:04:43 (GMT) |
commit | c41ec63ef5e68b4e5d2896390948223f5793c4e9 (patch) | |
tree | 7959367edf8d1c703f005b3f51e841ff7386537b /apply.c | |
parent | c7ccd4eae92a551f5237fc04e2997274d543ec5b (diff) | |
parent | f1c0e3946e0bdec16d6440fb7e52edbe78cf12b3 (diff) | |
Merge branch 'tb/cap-patch-at-1gb'
"git apply" limits its input to a bit less than 1 GiB.
* tb/cap-patch-at-1gb:
apply: reject patches larger than ~1 GiB
Diffstat (limited to 'apply.c')
-rw-r--r-- | apply.c | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -386,9 +386,19 @@ static void say_patch_name(FILE *output, const char *fmt, struct patch *patch)

 #define SLOP (16)

+/*
+ * apply.c isn't equipped to handle arbitrarily large patches, because
+ * it intermingles `unsigned long` with `int` for the type used to store
+ * buffer lengths.
+ *
+ * Only process patches that are just shy of 1 GiB large in order to
+ * avoid any truncation or overflow issues.
+ */
+#define MAX_APPLY_SIZE (1024UL * 1024 * 1023)
+
 static int read_patch_file(struct strbuf *sb, int fd)
 {
- if (strbuf_read(sb, fd, 0) < 0)
+ if (strbuf_read(sb, fd, 0) < 0 || sb->len >= MAX_APPLY_SIZE)
 return error_errno("git apply: failed to read");

 /* |
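Review bot: The new size check in `read_patch_file` reuses `error_errno("git apply: failed to read")`, but when `strbuf_read()` succeeded and only `sb->len >= MAX_APPLY_SIZE` tripped, nothing in this condition set errno. The message then carries a stale or unrelated errno string and hides that the patch was rejected for its size. Splitting the branches would let an operator tell an oversized input from an I/O failure: keep `if (strbuf_read(sb, fd, 0) < 0)` on the existing return and add `else if (sb->len >= MAX_APPLY_SIZE) return error("git apply: patch too large");`. The cap is also tested only after the read into `sb` has returned, so it appears to guard the `int`/`unsigned long` length arithmetic rather than bound memory use; the comment above `MAX_APPLY_SIZE` could say so. The function body continues outside the hunk.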