From: Junio C Hamano Date: Wed, 12 Jan 2022 20:11:42 +0000 (-0800) Subject: packfile: fix off-by-one error in decoding logic X-Git-Tag: v2.35.0-rc1~9^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a5c97b016421a2869b460bbf6bdcd43dc186d433;p=thirdparty%2Fgit.git packfile: fix off-by-one error in decoding logic shift count being exactly at 7-bit smaller than the long is OK; on 32-bit architecture, shift count starts at 4 and goes through 11, 18 and 25, at which point the guard triggers one iteration too early. Reported-by: Marc Strapetz Signed-off-by: Junio C Hamano --- diff --git a/packfile.c b/packfile.c index d3820c780b..667e21ce97 100644 --- a/packfile.c +++ b/packfile.c @@ -1067,7 +1067,7 @@ unsigned long unpack_object_header_buffer(const unsigned char *buf, size = c & 15; shift = 4; while (c & 0x80) { - if (len <= used || (bitsizeof(long) - 7) <= shift) { + if (len <= used || (bitsizeof(long) - 7) < shift) { error("bad object header"); size = used = 0; break;
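Review bot: The changed guard in the `while (c & 0x80)` loop, `(bitsizeof(long) - 7) < shift`, depends on boundary arithmetic that only the commit message spells out, so a short comment above the condition would keep a later reader from turning it back into `<=`. With a 32-bit long the shift values are 4, 11, 18 and 25, and a 7-bit group shifted by 25 occupies bits 25 through 31, which still fits; the first shift that has to be rejected is 32, and that is what `<` expresses. The patch touches only packfile.c, so a test that decodes an object header whose size needs the continuation byte at shift 25 would be worth adding to pin this boundary on 32-bit builds.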