diff options
Diffstat (limited to 'patch-delta.c')
-rw-r--r-- | patch-delta.c | 50 |
1 files changed, 32 insertions, 18 deletions
diff --git a/patch-delta.c b/patch-delta.c index 26281ea123..56e0a5ede2 100644 --- a/patch-delta.c +++ b/patch-delta.c @@ -2,19 +2,18 @@ * patch-delta.c: * recreate a buffer from a source and the delta produced by diff-delta.c * - * (C) 2005 Nicolas Pitre <nico@cam.org> + * (C) 2005 Nicolas Pitre <nico@fluxnic.net> * * This code is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ -#include <stdlib.h> -#include <string.h> +#include "git-compat-util.h" #include "delta.h" -void *patch_delta(void *src_buf, unsigned long src_size, - void *delta_buf, unsigned long delta_size, +void *patch_delta(const void *src_buf, unsigned long src_size, + const void *delta_buf, unsigned long delta_size, unsigned long *dst_size) { const unsigned char *data, *top; @@ -25,48 +24,63 @@ void *patch_delta(void *src_buf, unsigned long src_size, return NULL; data = delta_buf; - top = delta_buf + delta_size; + top = (const unsigned char *) delta_buf + delta_size; /* make sure the orig file size matches what we expect */ - size = get_delta_hdr_size(&data); + size = get_delta_hdr_size(&data, top); if (size != src_size) return NULL; /* now the result size */ - size = get_delta_hdr_size(&data); - dst_buf = malloc(size); - if (!dst_buf) - return NULL; + size = get_delta_hdr_size(&data, top); + dst_buf = xmallocz(size); out = dst_buf; while (data < top) { cmd = *data++; if (cmd & 0x80) { unsigned long cp_off = 0, cp_size = 0; - const unsigned char *buf; if (cmd & 0x01) cp_off = *data++; if (cmd & 0x02) cp_off |= (*data++ << 8); if (cmd & 0x04) cp_off |= (*data++ << 16); - if (cmd & 0x08) cp_off |= (*data++ << 24); + if (cmd & 0x08) cp_off |= ((unsigned) *data++ << 24); if (cmd & 0x10) cp_size = *data++; if (cmd & 0x20) cp_size |= (*data++ << 8); + if (cmd & 0x40) cp_size |= (*data++ << 16); if (cp_size == 0) cp_size = 0x10000; - buf = (cmd & 0x40) ? dst_buf : src_buf; - memcpy(out, buf + cp_off, cp_size); + if (unsigned_add_overflows(cp_off, cp_size) || + cp_off + cp_size > src_size || + cp_size > size) + break; + memcpy(out, (char *) src_buf + cp_off, cp_size); out += cp_size; - } else { + size -= cp_size; + } else if (cmd) { + if (cmd > size) + break; memcpy(out, data, cmd); out += cmd; data += cmd; + size -= cmd; + } else { + /* + * cmd == 0 is reserved for future encoding + * extensions. In the mean time we must fail when + * encountering them (might be data corruption). + */ + error("unexpected delta opcode 0"); + goto bad; } } /* sanity check */ - if (data != top || out - dst_buf != size) { + if (data != top || size != 0) { + error("delta replay has gone wild"); + bad: free(dst_buf); return NULL; } - *dst_size = size; + *dst_size = out - dst_buf; return dst_buf; } |