diff options
author | Junio C Hamano <gitster@pobox.com> | 2022-01-12 12:11:42 -0800 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2022-01-12 12:14:49 -0800 |
commit | a5c97b016421a2869b460bbf6bdcd43dc186d433 (patch) | |
tree | 379e1385ca8349e177c6b186b867010b0f60cab0 | |
parent | packfile: avoid overflowing shift during decode (diff) | |
download | tgif-a5c97b016421a2869b460bbf6bdcd43dc186d433.tar.xz |
packfile: fix off-by-one error in decoding logic
shift count being exactly at 7-bit smaller than the long is OK; on
32-bit architecture, shift count starts at 4 and goes through 11, 18
and 25, at which point the guard triggers one iteration too early.
Reported-by: Marc Strapetz <marc.strapetz@syntevo.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | packfile.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/packfile.c b/packfile.c index d3820c780b..667e21ce97 100644 --- a/packfile.c +++ b/packfile.c @@ -1067,7 +1067,7 @@ unsigned long unpack_object_header_buffer(const unsigned char *buf, size = c & 15; shift = 4; while (c & 0x80) { - if (len <= used || (bitsizeof(long) - 7) <= shift) { + if (len <= used || (bitsizeof(long) - 7) < shift) { error("bad object header"); size = used = 0; break; |