diff options
| -rw-r--r-- | builtin/pack-objects.c | 6 | ||||
| -rw-r--r-- | bulk-checkin.c | 2 | ||||
| -rw-r--r-- | fast-import.c | 10 | ||||
| -rw-r--r-- | pack-write.c | 5 | ||||
| -rw-r--r-- | pack.h | 3 |
5 files changed, 16 insertions, 10 deletions
diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c index 8841f8b366..463f30b694 100644 --- a/builtin/pack-objects.c +++ b/builtin/pack-objects.c @@ -286,7 +286,8 @@ static unsigned long write_no_reuse_object(struct sha1file *f, struct object_ent * The object header is a byte of 'type' followed by zero or * more bytes of length. */ - hdrlen = encode_in_pack_object_header(type, size, header); + hdrlen = encode_in_pack_object_header(header, sizeof(header), + type, size); if (type == OBJ_OFS_DELTA) { /* @@ -358,7 +359,8 @@ static off_t write_reuse_object(struct sha1file *f, struct object_entry *entry, if (entry->delta) type = (allow_ofs_delta && entry->delta->idx.offset) ? OBJ_OFS_DELTA : OBJ_REF_DELTA; - hdrlen = encode_in_pack_object_header(type, entry->size, header); + hdrlen = encode_in_pack_object_header(header, sizeof(header), + type, entry->size); offset = entry->in_pack_offset; revidx = find_pack_revindex(p, offset); diff --git a/bulk-checkin.c b/bulk-checkin.c index 991b4a13e2..ddb6070c4c 100644 --- a/bulk-checkin.c +++ b/bulk-checkin.c @@ -105,7 +105,7 @@ static int stream_to_pack(struct bulk_checkin_state *state, git_deflate_init(&s, pack_compression_level); - hdrlen = encode_in_pack_object_header(type, size, obuf); + hdrlen = encode_in_pack_object_header(obuf, sizeof(obuf), type, size); s.next_out = obuf + hdrlen; s.avail_out = sizeof(obuf) - hdrlen; diff --git a/fast-import.c b/fast-import.c index 87c4e7e400..c4ccb3c9cd 100644 --- a/fast-import.c +++ b/fast-import.c @@ -1173,7 +1173,8 @@ static int store_object( delta_count_by_type[type]++; e->depth = last->depth + 1; - hdrlen = encode_in_pack_object_header(OBJ_OFS_DELTA, deltalen, hdr); + hdrlen = encode_in_pack_object_header(hdr, sizeof(hdr), + OBJ_OFS_DELTA, deltalen); sha1write(pack_file, hdr, hdrlen); pack_size += hdrlen; @@ -1184,7 +1185,8 @@ static int store_object( pack_size += sizeof(hdr) - pos; } else { e->depth = 0; - hdrlen = encode_in_pack_object_header(type, dat->len, hdr); + hdrlen = encode_in_pack_object_header(hdr, sizeof(hdr), + type, dat->len); sha1write(pack_file, hdr, hdrlen); pack_size += hdrlen; } @@ -1246,9 +1248,7 @@ static void stream_blob(uintmax_t len, unsigned char *sha1out, uintmax_t mark) git_deflate_init(&s, pack_compression_level); - hdrlen = encode_in_pack_object_header(OBJ_BLOB, len, out_buf); - if (out_sz <= hdrlen) - die("impossibly large object header"); + hdrlen = encode_in_pack_object_header(out_buf, out_sz, OBJ_BLOB, len); s.next_out = out_buf + hdrlen; s.avail_out = out_sz - hdrlen; diff --git a/pack-write.c b/pack-write.c index 88bc7f9f7d..c057513f12 100644 --- a/pack-write.c +++ b/pack-write.c @@ -304,7 +304,8 @@ char *index_pack_lockfile(int ip_out) * - each byte afterwards: low seven bits are size continuation, * with the high bit being "size continues" */ -int encode_in_pack_object_header(enum object_type type, uintmax_t size, unsigned char *hdr) +int encode_in_pack_object_header(unsigned char *hdr, int hdr_len, + enum object_type type, uintmax_t size) { int n = 1; unsigned char c; @@ -315,6 +316,8 @@ int encode_in_pack_object_header(enum object_type type, uintmax_t size, unsigned c = (type << 4) | (size & 15); size >>= 4; while (size) { + if (n == hdr_len) + die("object size is too enormous to format"); *hdr++ = c | 0x80; c = size & 0x7f; size >>= 7; @@ -84,7 +84,8 @@ extern int verify_pack(struct packed_git *, verify_fn fn, struct progress *, uin extern off_t write_pack_header(struct sha1file *f, uint32_t); extern void fixup_pack_header_footer(int, unsigned char *, const char *, uint32_t, unsigned char *, off_t); extern char *index_pack_lockfile(int fd); -extern int encode_in_pack_object_header(enum object_type, uintmax_t, unsigned char *); +extern int encode_in_pack_object_header(unsigned char *hdr, int hdr_len, + enum object_type, uintmax_t); #define PH_ERROR_EOF (-1) #define PH_ERROR_PACK_SIGNATURE (-2) |