From: Taylor Blau <me@ttaylorr.com>
Date: Wed, 12 Jul 2023 23:38:11 +0000 (-0400)
Subject: commit-graph.c: prevent overflow in `split_graph_merge_strategy()`
X-Git-Tag: v2.42.0-rc0~39^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19565d093d248ba4c2330d96314a547feed41112;p=thirdparty%2Fgit.git

commit-graph.c: prevent overflow in `split_graph_merge_strategy()`

In a similar spirit as previous commits, ensure that we don't overflow
when choosing how to split and merge different layers of the
commit-graph.

In particular, avoid a potential overflow between `size_mult` and
`num_commits`, as well as a potential overflow between the number of
commits currently in the merged graph, and the number of commits in the
graph about to be merged.

Signed-off-by: Taylor Blau <me@ttaylorr.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

diff --git a/commit-graph.c b/commit-graph.c
index 08d773567f..d9795e3aa4 100644
--- a/commit-graph.c
+++ b/commit-graph.c
@@ -2112,11 +2112,16 @@ static void split_graph_merge_strategy(struct write_commit_graph_context *ctx)
 
 	if (flags != COMMIT_GRAPH_SPLIT_MERGE_PROHIBITED &&
 	    flags != COMMIT_GRAPH_SPLIT_REPLACE) {
-		while (g && (g->num_commits <= size_mult * num_commits ||
+		while (g && (g->num_commits <= st_mult(size_mult, num_commits) ||
 			    (max_commits && num_commits > max_commits))) {
 			if (g->odb != ctx->odb)
 				break;
 
+			if (unsigned_add_overflows(num_commits, g->num_commits))
+				die(_("cannot merge graphs with %"PRIuMAX", "
+				      "%"PRIuMAX" commits"),
+				    (uintmax_t)num_commits,
+				    (uintmax_t)g->num_commits);
 			num_commits += g->num_commits;
 			g = g->base_graph;