]> git.ipfire.org Git - thirdparty/git.git/commit
projects / thirdparty / git.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 581e0f8) | patch
commit-graph: detect out-of-order BIDX offsets
authorJeff King <peff@peff.net>
Mon, 9 Oct 2023 21:05:56 +0000 (17:05 -0400)
committerJunio C Hamano <gitster@pobox.com>
Mon, 9 Oct 2023 22:55:02 +0000 (15:55 -0700)
commit12192a9db9beb3c45dd5064f34d1fcdc71f6a062
tree1b9380d8e1e8e5392dde8cbb32ab2f93e33e5494tree | snapshot
parent581e0f8b189b5b3d50aae16be09941ab6fccf335commit | diff
commit-graph: detect out-of-order BIDX offsets

The BIDX chunk tells us the offsets at which each commit's Bloom filters
can be found in the BDAT chunk. We compute the length of each filter by
checking the offsets of neighbors and subtracting them.

If the offsets are out of order, then we'll get a negative length, which
we then store as a very large unsigned value. This can cause us to read
out-of-bounds memory, as we access the hash data modulo "filter->len *
BITS_PER_WORD".

We can easily detect this case when loading the individual filters.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
bloom.c diff | blob | blame | history
t/t4216-log-bloom.sh diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.