tree-diff: catch integer overflow in combine_diff_path allocation

A combine_diff_path struct has two "flex" members allocated alongside the struct: a string to hold the pathname, and an array of parent pointers. We use an "int" to compute this, meaning we may easily overflow it if the pathname is extremely long. We can fix this by using size_t, and checking for overflow with the st_add helper. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Jeff King <peff@peff.net> 2016-02-19 11:21:30 (GMT)
committer: Junio C Hamano <gitster@pobox.com> 2016-02-19 17:40:37 (GMT)
commit: 5b442c4f2723211ce0d862571e88ee206bfd51bf (patch)
tree: a699d4fdd632c01c0a0bd29a59e490d112aede43 /diff.h
parent: 320d0b493a259db3b481f985545b244438e6c086 (diff)
download: git-5b442c4f2723211ce0d862571e88ee206bfd51bf.zip
git-5b442c4f2723211ce0d862571e88ee206bfd51bf.tar.gz
git-5b442c4f2723211ce0d862571e88ee206bfd51bf.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/diff.h b/diff.h
index 70b2d70..beafbbd 100644
--- a/diff.h
+++ b/diff.h
@@ -222,8 +222,8 @@ struct combine_diff_path {
 	} parent[FLEX_ARRAY];
 };
 #define combine_diff_path_size(n, l) \
-	(sizeof(struct combine_diff_path) + \
-	 sizeof(struct combine_diff_parent) * (n) + (l) + 1)
+	st_add4(sizeof(struct combine_diff_path), (l), 1, \
+		st_mult(sizeof(struct combine_diff_parent), (n)))
 
 extern void show_combined_diff(struct combine_diff_path *elem, int num_parent,
 			      int dense, struct rev_info *);
author	Jeff King <peff@peff.net>	2016-02-19 11:21:30 (GMT)
committer	Junio C Hamano <gitster@pobox.com>	2016-02-19 17:40:37 (GMT)
commit	5b442c4f2723211ce0d862571e88ee206bfd51bf (patch)
tree	a699d4fdd632c01c0a0bd29a59e490d112aede43 /diff.h
parent	320d0b493a259db3b481f985545b244438e6c086 (diff)
download	git-5b442c4f2723211ce0d862571e88ee206bfd51bf.zip git-5b442c4f2723211ce0d862571e88ee206bfd51bf.tar.gz git-5b442c4f2723211ce0d862571e88ee206bfd51bf.tar.bz2