summaryrefslogtreecommitdiff
path: root/varint.h
diff options
context:
space:
mode:
authorLibravatar Eric Sunshine <sunshine@sunshineco.com>2015-05-04 03:25:15 -0400
committerLibravatar Junio C Hamano <gitster@pobox.com>2015-05-05 10:14:18 -0700
commit0c3db67cc8137cebea5b1a9c3c7fc379ef8ffda6 (patch)
tree82a7a5ae13d5bd50f77e5bfbc0d4590b9b0873b6 /varint.h
parentgit-hash-object.txt: document --literally option (diff)
downloadtgif-0c3db67cc8137cebea5b1a9c3c7fc379ef8ffda6.tar.xz
hash-object --literally: fix buffer overrun with extra-long object type
"hash-object" learned in 5ba9a93 (hash-object: add --literally option, 2014-09-11) to allow crafting a corrupt/broken object of unknown type. When the user-provided type is particularly long, however, it can overflow the relatively small stack-based character array handed to write_sha1_file_prepare() by hash_sha1_file() and write_sha1_file(), leading to stack corruption (and crash). Introduce a custom helper to allow arbitrarily long typenames just for "hash-object --literally". [jc: Eric's original used a strbuf in the more common codepaths, and I rewrote it to avoid penalizing the non-literally code. Bugs are mine] Signed-off-by: Eric Sunshine <sunshine@sunshineco.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'varint.h')
0 files changed, 0 insertions, 0 deletions