git.ipfire.org Git - thirdparty/git.git/commit

author	Patrick Steinhardt <ps@pks.im>
	Mon, 7 Oct 2024 04:38:18 +0000 (06:38 +0200)
committer	Junio C Hamano <gitster@pobox.com>
	Mon, 7 Oct 2024 22:08:11 +0000 (15:08 -0700)
commit	2be7fc012e6747160b4b6586a1ec209598581ade
tree	ba4e2d329d83d368396226467a51d8f80efd7ece	tree \| snapshot
parent	9f119599a69eb11f0712cab3bdbc2000eb91abd7	commit \| diff

cache-tree: detect mismatching number of index entries

In t4058 we have some tests that exercise git-read-tree(1) when used
with a tree that contains duplicate entries. While the expectation is
that we fail, we ideally should fail gracefully without a segfault.

But that is not the case: we never check that the number of entries in
the cache-tree is less than or equal to the number of entries in the
index. This can lead to an out-of-bounds read as we unconditionally
access `istate->cache[idx]`, where `idx` is controlled by the number of
cache-tree entries and the current position therein. The result is a
segfault.

Fix this segfault by adding a sanity check for the number of index
entries before dereferencing them.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

cache-tree.c		diff \| blob \| blame \| history
t/t4058-diff-duplicates.sh		diff \| blob \| blame \| history