diff options
author | Michael Haggerty <mhagger@alum.mit.edu> | 2017-09-08 18:10:10 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2017-09-09 03:16:13 +0900 |
commit | 396428152413f431cac18f68a7190827b4acb3b6 (patch) | |
tree | 81ac86b68d2343f7818c493af5f7369f7352f310 | |
parent | load_subtree(): declare some variables to be `size_t` (diff) | |
download | tgif-396428152413f431cac18f68a7190827b4acb3b6.tar.xz |
load_subtree(): check that `prefix_len` is in the expected range
This value, which is stashed in the last byte of an object_id hash,
gets handed around a lot. So add a sanity check before using it in
`load_subtree()`.
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | notes.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -417,7 +417,10 @@ static void load_subtree(struct notes_tree *t, struct leaf_node *subtree, oid_to_hex(&subtree->val_oid)); prefix_len = subtree->key_oid.hash[KEY_INDEX]; - assert(prefix_len * 2 >= n); + if (prefix_len >= GIT_SHA1_RAWSZ) + BUG("prefix_len (%"PRIuMAX") is out of range", (uintmax_t)prefix_len); + if (prefix_len * 2 < n) + BUG("prefix_len (%"PRIuMAX") is too small", (uintmax_t)prefix_len); memcpy(object_oid.hash, subtree->key_oid.hash, prefix_len); while (tree_entry(&desc, &entry)) { unsigned char type; |