git.ipfire.org Git - thirdparty/git.git/commit

author	Jeff King <peff@peff.net>
	Mon, 9 Oct 2023 21:05:14 +0000 (17:05 -0400)
committer	Junio C Hamano <gitster@pobox.com>
	Mon, 9 Oct 2023 22:55:01 +0000 (15:55 -0700)
commit	72a9a08283f1b56598d4af5efb8cd178d4150323
tree	1c02d7c4c7a0ba5c819447fd48dfb9b3687d66a7	tree \| snapshot
parent	4169d8964523198ca89f507824c07b70ba833732	commit \| diff

midx: check size of pack names chunk

We parse the pack-name chunk as a series of NUL-terminated strings. But
since we don't look at the chunk size, there's nothing to guarantee that
we don't parse off the end of the chunk (or even off the end of the
mapped file).

We can record the length, and then as we parse make sure that we never
walk past it.

The new test exercises the case, though note that it does not actually
segfault before this patch. It hits a NUL byte somewhere in one of the
other chunks, and comes up with a garbage pack name. You could construct
one that reads out-of-bounds (e.g., a PNAM chunk at the end of file),
but this case is simple and sufficient to check that we detect the
problem.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

midx.c		diff \| blob \| blame \| history
midx.h		diff \| blob \| blame \| history
t/t5319-multi-pack-index.sh		diff \| blob \| blame \| history