diff options
| author | Jeff King <peff@peff.net> | 2016-02-25 14:23:26 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2016-02-25 19:32:46 (GMT) |
| commit | 13e0b0d3dc76353632dcb0bc63cdf03426154317 (patch) | |
| tree | a9ecffdfc2b839b81fc7b4d5aa1e543639a9cec3 /sha1_file.c | |
| parent | 47fe3f6ef0f5a336db90d816c5fb4330ffa23668 (diff) | |
| download | git-13e0b0d3dc76353632dcb0bc63cdf03426154317.zip git-13e0b0d3dc76353632dcb0bc63cdf03426154317.tar.gz git-13e0b0d3dc76353632dcb0bc63cdf03426154317.tar.bz2 | |
use_pack: handle signed off_t overflow
A v2 pack index file can specify an offset within a packfile
of up to 2^64-1 bytes. On a system with a signed 64-bit
off_t, we can represent only up to 2^63-1. This means that a
corrupted .idx file can end up with a negative offset in the
pack code. Our bounds-checking use_pack function looks for
too-large offsets, but not for ones that have wrapped around
to negative. Let's do so, which fixes an out-of-bounds
access demonstrated in t5313.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'sha1_file.c')
| -rw-r--r-- | sha1_file.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sha1_file.c b/sha1_file.c index bd0f8f7..4a3a032 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -1041,6 +1041,8 @@ unsigned char *use_pack(struct packed_git *p, die("packfile %s cannot be accessed", p->pack_name); if (offset > (p->pack_size - 20)) die("offset beyond end of packfile (truncated pack?)"); + if (offset < 0) + die("offset before end of packfile (broken .idx?)"); if (!win || !in_window(win, offset)) { if (win) |