summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Junio C Hamano <gitster@pobox.com>2022-01-12 12:11:42 -0800
committerLibravatar Junio C Hamano <gitster@pobox.com>2022-01-12 12:14:49 -0800
commita5c97b016421a2869b460bbf6bdcd43dc186d433 (patch)
tree379e1385ca8349e177c6b186b867010b0f60cab0
parentpackfile: avoid overflowing shift during decode (diff)
downloadtgif-a5c97b016421a2869b460bbf6bdcd43dc186d433.tar.xz
packfile: fix off-by-one error in decoding logic
shift count being exactly at 7-bit smaller than the long is OK; on 32-bit architecture, shift count starts at 4 and goes through 11, 18 and 25, at which point the guard triggers one iteration too early. Reported-by: Marc Strapetz <marc.strapetz@syntevo.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--packfile.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/packfile.c b/packfile.c
index d3820c780b..667e21ce97 100644
--- a/packfile.c
+++ b/packfile.c
@@ -1067,7 +1067,7 @@ unsigned long unpack_object_header_buffer(const unsigned char *buf,
size = c & 15;
shift = 4;
while (c & 0x80) {
- if (len <= used || (bitsizeof(long) - 7) <= shift) {
+ if (len <= used || (bitsizeof(long) - 7) < shift) {
error("bad object header");
size = used = 0;
break;