Merge branch 'jk/pack-idx-corruption-safety' into maint

The code to read the pack data using the offsets stored in the pack idx file has been made more carefully check the validity of the data in the idx. * jk/pack-idx-corruption-safety: sha1_file.c: mark strings for translation use_pack: handle signed off_t overflow nth_packed_object_offset: bounds-check extended offset t5313: test bounds-checks of corrupted/malicious pack/idx files
author: Junio C Hamano <gitster@pobox.com> 2016-03-10 19:13:46 (GMT)
committer: Junio C Hamano <gitster@pobox.com> 2016-03-10 19:13:46 (GMT)
commit: 80047fa084f994969d42338bc3fbbb89e7d957d6 (patch)
tree: 7835a193de3ad2ee6d883ce3bba1d8f1acc9ef73 /builtin
parent: 0e58b47d153a90d80518ef35c53ffb244ed4ecd6 (diff)
parent: 7465feba513a8bd3d47f27630ccc9ab7e82d916c (diff)
download: git-80047fa084f994969d42338bc3fbbb89e7d957d6.zip
git-80047fa084f994969d42338bc3fbbb89e7d957d6.tar.gz
git-80047fa084f994969d42338bc3fbbb89e7d957d6.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/builtin/index-pack.c b/builtin/index-pack.c
index 193908a..4524519 100644
--- a/builtin/index-pack.c
+++ b/builtin/index-pack.c
@@ -1514,6 +1514,7 @@ static void read_v2_anomalous_offsets(struct packed_git *p,
 		if (!(off & 0x80000000))
 			continue;
 		off = off & 0x7fffffff;
+		check_pack_index_ptr(p, &idx2[off * 2]);
 		if (idx2[off * 2])
 			continue;
 		/*
author	Junio C Hamano <gitster@pobox.com>	2016-03-10 19:13:46 (GMT)
committer	Junio C Hamano <gitster@pobox.com>	2016-03-10 19:13:46 (GMT)
commit	80047fa084f994969d42338bc3fbbb89e7d957d6 (patch)
tree	7835a193de3ad2ee6d883ce3bba1d8f1acc9ef73 /builtin
parent	0e58b47d153a90d80518ef35c53ffb244ed4ecd6 (diff)
parent	7465feba513a8bd3d47f27630ccc9ab7e82d916c (diff)
download	git-80047fa084f994969d42338bc3fbbb89e7d957d6.zip git-80047fa084f994969d42338bc3fbbb89e7d957d6.tar.gz git-80047fa084f994969d42338bc3fbbb89e7d957d6.tar.bz2