git.ipfire.org Git - thirdparty/git.git/commit
tree-walk: harden make_traverse_path() length computations
author Jeff King <peff@peff.net>
Wed, 31 Jul 2019 04:38:25 +0000 (00:38 -0400)
committer Junio C Hamano <gitster@pobox.com>
Thu, 1 Aug 2019 20:06:52 +0000 (13:06 -0700)
commit 5aa02f98685d78666293149087d3f69b97528cfb
tree 415bcf89bae3179e7b5ab78aa461482c46e69b96
parent c43ab062598d0299ea6e0d115a6018189a7793bf

The make_traverse_path() function isn't very careful about checking its
output buffer boundaries. In fact, it doesn't even _know_ the size of
the buffer it's writing to, and just assumes that the caller used
traverse_path_len() correctly. And even then we assume that our
traverse_info.pathlen components are all correct, and just blindly write
into the buffer.

Let's improve this situation a bit:

  - have the caller pass in their allocated buffer length, which we'll
    check against our own computations

  - check for integer underflow as we do our backwards-insertion of
    pathnames into the buffer

  - check that we do not run out of items in our list to traverse before
    we've filled the expected number of bytes

None of these should be triggerable in practice (especially since our
switch to size_t everywhere in a previous commit), but it doesn't hurt
to check our assumptions.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
tree-walk.c
tree-walk.h
unpack-trees.c
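
The three checks listed in the commit message, shown on a small right-to-left path builder. This is an added example, not code from git: `struct frame`, `build_path()`, `demo()` and the -1 error return are hypothetical, and the sample path is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical traversal frame: one component plus a cached path length. */
struct frame {
	const struct frame *prev; /* parent directory, NULL at the root */
	const char *name;
	size_t namelen;
	size_t pathlen;           /* claimed length of "a/b/name" */
};

/* Write the path for `leaf` right to left. Returns 0 on success,
 * -1 when a length assumption does not hold. */
int build_path(char *buf, size_t buflen, const struct frame *leaf)
{
	size_t pos;
	if (!leaf || leaf->pathlen >= buflen) /* need pathlen + 1 for NUL */
		return -1;
	pos = leaf->pathlen;
	buf[pos] = '\0';
	for (const struct frame *f = leaf; ; f = f->prev) {
		if (f->namelen > pos)         /* pos - namelen would wrap */
			return -1;
		pos -= f->namelen;
		memcpy(buf + pos, f->name, f->namelen);
		if (pos == 0)                 /* full: no frames may remain */
			return f->prev ? -1 : 0;
		if (!f->prev)                 /* list ended, bytes unfilled */
			return -1;
		buf[--pos] = '/';
	}
}

static char demo_buf[32];
/* Constructed sample: "src/lib/tree-walk.c" (19 bytes); `claimed`
 * replaces the leaf's pathlen to simulate a bad length. */
int demo(size_t buflen, size_t claimed)
{
	struct frame a = { NULL, "src", 3, 3 };
	struct frame b = { &a, "lib", 3, 7 };
	struct frame c = { &b, "tree-walk.c", 11, claimed };
	return build_path(demo_buf, buflen, &c);
}

int main(void)
{
	return demo(sizeof(demo_buf), 19) || puts(demo_buf) < 0;
}
```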