From: Phillip Wood Date: Thu, 22 May 2025 15:55:21 +0000 (+0100) Subject: midx repack: avoid potential integer overflow on 64 bit systems X-Git-Tag: v2.50.0-rc1~15^2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f874c0ed90c63276e0ebc445ad6fee5dcbfacb86;p=thirdparty%2Fgit.git midx repack: avoid potential integer overflow on 64 bit systems On a 64 bit system the calculation p->pack_size * pack_info[i].referenced_objects could overflow. If a pack file contains 2^28 objects with an average compressed size of 1KB then the pack size will be 2^38B. If all of the objects are referenced by the multi-pack index the sum above will overflow. Avoid this by using shifted integer arithmetic and changing the order of the calculation so that the pack size is divided by the total number of objects in the pack before multiplying by the number of objects referenced by the multi-pack index. Using a shift of 14 bits should give reasonable accuracy while avoiding overflow for pack sizes less that 1PB. Signed-off-by: Phillip Wood Signed-off-by: Junio C Hamano --- diff --git a/midx-write.c b/midx-write.c index 105014a279..8121e96f4f 100644 --- a/midx-write.c +++ b/midx-write.c @@ -1704,9 +1704,15 @@ static void fill_included_packs_batch(struct repository *r, if (!want_included_pack(r, m, pack_kept_objects, pack_int_id)) continue; - expected_size = uint64_mult(p->pack_size, - pack_info[i].referenced_objects); + /* + * Use shifted integer arithmetic to calculate the + * expected pack size to ~4 significant digits without + * overflow for packsizes less that 1PB. + */ + expected_size = (uint64_t)pack_info[i].referenced_objects << 14; expected_size /= p->num_objects; + expected_size = u64_mult(expected_size, p->pack_size); + expected_size = u64_add(expected_size, 1u << 13) >> 14; if (expected_size >= batch_size) continue;