author | Junio C Hamano <gitster@pobox.com> | 2010-01-27 14:56:38 -0800 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2010-01-27 14:56:38 -0800 |
commit | a0075d9e6ae211e8bde3eb40c8cdebb1772ee680 (patch) | |
tree | b29228a2bb894edd907b319b23c77025b5f9e407 | |
parent | Merge branch 'jh/maint-config-file-prefix' (diff) | |
parent | Fix integer overflow in unpack_compressed_entry() (diff) | |
Merge branch 'il/maint-xmallocz'
* il/maint-xmallocz:
Fix integer overflow in unpack_compressed_entry()
Fix integer overflow in unpack_sha1_rest()
Fix integer overflow in patch_delta()
Add xmallocz()
-rw-r--r-- | git-compat-util.h | 1 | ||||
-rw-r--r-- | patch-delta.c | 3 | ||||
-rw-r--r-- | sha1_file.c | 6 | ||||
-rw-r--r-- | wrapper.c | 15 |
4 files changed, 15 insertions, 10 deletions
diff --git a/git-compat-util.h b/git-compat-util.h
index 620a7c6371..a3c4537366 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -348,6 +348,7 @@ extern void release_pack_memory(size_t, int);
 extern char *xstrdup(const char *str);
 extern void *xmalloc(size_t size);
+extern void *xmallocz(size_t size);
 extern void *xmemdupz(const void *data, size_t len);
 extern char *xstrndup(const char *str, size_t len);
 extern void *xrealloc(void *ptr, size_t size);
diff --git a/patch-delta.c b/patch-delta.c
index e02e13bd4e..d218faa02b 100644
--- a/patch-delta.c
+++ b/patch-delta.c
@@ -33,8 +33,7 @@ void *patch_delta(const void *src_buf, unsigned long src_size,
 /* now the result size */
 size = get_delta_hdr_size(&data, top);
- dst_buf = xmalloc(size + 1);
- dst_buf[size] = 0;
+ dst_buf = xmallocz(size);
 out = dst_buf;
 while (data < top) {
diff --git a/sha1_file.c b/sha1_file.c
index 12478a3652..657825e14e 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1166,7 +1166,7 @@ static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned lon
 static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
 {
 int bytes = strlen(buffer) + 1;
- unsigned char *buf = xmalloc(1+size);
+ unsigned char *buf = xmallocz(size);
 unsigned long n;
 int status = Z_OK;
@@ -1194,7 +1194,6 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size
 while (status == Z_OK)
 status = git_inflate(stream, Z_FINISH);
 }
- buf[size] = 0;
 if (status == Z_STREAM_END && !stream->avail_in) {
 git_inflate_end(stream);
 return buf;
@@ -1517,8 +1516,7 @@ static void *unpack_compressed_entry(struct packed_git *p,
 z_stream stream;
 unsigned char *buffer, *in;
- buffer = xmalloc(size + 1);
- buffer[size] = 0;
+ buffer = xmallocz(size);
 memset(&stream, 0, sizeof(stream));
 stream.next_out = buffer;
 stream.avail_out = size + 1;
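Review bot: In the first sha1_file.c hunk (unpack_sha1_rest), the terminating NUL is now stored by `xmallocz(size)` before anything is inflated, and the next hunk drops the `buf[size] = 0;` that used to run after the inflate loop, so the terminator survives only if inflate is never given an output window that reaches `buf[size]`. The lines that set the stream's output pointer and length lie between the two hunks and are not visible here, so that bound should be confirmed against them. I would record the invariant beside the allocation, for example `/* xmallocz() NUL-terminates buf; the inflate window below must stay within size bytes */`. The function's body continues past both hunks.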
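Review bot: In the last sha1_file.c hunk (unpack_compressed_entry), the context line `stream.avail_out = size + 1;` still hands inflate the whole allocation, so a stream that expands to more than `size` bytes can overwrite the NUL that `xmallocz(size)` has just stored. The removed `buffer[size] = 0;` had the same exposure, but it is easier to overlook now that the store is hidden inside the allocator. If the spare byte exists so that over-long data is caught by a length check later in the function (outside this hunk), a comment should say so, for example `/* one spare output byte so an over-long stream is detectable; buffer[size] stays NUL only if inflate produces at most size bytes */`. Separately, `avail_out` is a zlib field that is normally narrower than `unsigned long` on 64-bit Unix, so `size + 1` may be truncated for very large entries; this commit does not change that, but it belongs to the same class of size handling and is worth checking.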
@@ -34,6 +34,16 @@ void *xmalloc(size_t size)
 return ret;
 }
+void *xmallocz(size_t size)
+{
+ void *ret;
+ if (size + 1 < size)
+ die("Data too large to fit into virtual memory space.");
+ ret = xmalloc(size + 1);
+ ((char*)ret)[size] = 0;
+ return ret;
+}
+
 /*
 * xmemdupz() allocates (len + 1) bytes of memory, duplicates "len" bytes of
 * "data" to the allocated memory, zero terminates the allocated memory,
@@ -42,10 +52,7 @@ void *xmalloc(size_t size)
 */
 void *xmemdupz(const void *data, size_t len)
 {
- char *p = xmalloc(len + 1);
- memcpy(p, data, len);
- p[len] = '\0';
- return p;
+ return memcpy(xmallocz(len), data, len);
 }
 char *xstrndup(const char *str, size_t len) |
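Review bot: The new xmallocz() in the first hunk (presumably wrapper.c, whose file header is missing from this page) has no header comment, unlike xmemdupz() directly below it, even though its contract is what the three overflow fixes in this merge depend on. I would add a block comment saying that it allocates `size + 1` bytes, stores a NUL at offset `size`, calls die() when `size + 1` wraps, and leaves the first `size` bytes for the caller to fill (presumably uninitialized; xmalloc()'s body is not shown here). The test `size + 1 < size` is well defined because `size_t` is unsigned, and a short `/* size + 1 wraps to 0 when size == SIZE_MAX */` beside it would save readers from re-deriving that. In the second hunk, xmemdupz() now inherits the check through `xmallocz(len)`, so its existing comment could mention that it dies on overflow.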