read_object_with_reference: don't read beyond the buffer

Signed-off-by: Martin Koegler <mkoegler@auto.tuwien.ac.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Martin Koegler <mkoegler@auto.tuwien.ac.at> 2008-02-18 20:47:52 (GMT)
committer: Junio C Hamano <gitster@pobox.com> 2008-02-19 03:20:17 (GMT)
commit: 50974ec99408b2d814360863e72a5eca613889c8 (patch)
tree: 340049890a965da37de20bb4b24349da2edd3aba /sha1_file.c
parent: e5fc9a0aea2c3c49829b5cdf499339e5c759706b (diff)
download: git-50974ec99408b2d814360863e72a5eca613889c8.zip
git-50974ec99408b2d814360863e72a5eca613889c8.tar.gz
git-50974ec99408b2d814360863e72a5eca613889c8.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/sha1_file.c b/sha1_file.c
index 66a4e00..0ca7f0d 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1943,7 +1943,8 @@ void *read_object_with_reference(const unsigned char *sha1,
 		}
 		ref_length = strlen(ref_type);
 
-		if (memcmp(buffer, ref_type, ref_length) ||
+		if (ref_length + 40 > isize ||
+		    memcmp(buffer, ref_type, ref_length) ||
 		    get_sha1_hex((char *) buffer + ref_length, actual_sha1)) {
 			free(buffer);
 			return NULL;
author	Martin Koegler <mkoegler@auto.tuwien.ac.at>	2008-02-18 20:47:52 (GMT)
committer	Junio C Hamano <gitster@pobox.com>	2008-02-19 03:20:17 (GMT)
commit	50974ec99408b2d814360863e72a5eca613889c8 (patch)
tree	340049890a965da37de20bb4b24349da2edd3aba /sha1_file.c
parent	e5fc9a0aea2c3c49829b5cdf499339e5c759706b (diff)
download	git-50974ec99408b2d814360863e72a5eca613889c8.zip git-50974ec99408b2d814360863e72a5eca613889c8.tar.gz git-50974ec99408b2d814360863e72a5eca613889c8.tar.bz2