author | Jeff King <peff@peff.net> | 2023-10-09 23:05:56 +0200 |
committer | Junio C Hamano <gitster@pobox.com> | 2023-10-10 00:55:02 +0200 |
commit | 12192a9db9beb3c45dd5064f34d1fcdc71f6a062 (patch) | |
tree | 1b9380d8e1e8e5392dde8cbb32ab2f93e33e5494 /bloom.c | |
parent | commit-graph: check bounds when accessing BIDX chunk (diff) | |
commit-graph: detect out-of-order BIDX offsets
The BIDX chunk tells us the offsets at which each commit's Bloom filters
can be found in the BDAT chunk. We compute the length of each filter by
checking the offsets of neighbors and subtracting them.
If the offsets are out of order, then we'll get a negative length, which
we then store as a very large unsigned value. This can cause us to read
out-of-bounds memory, as we access the hash data modulo "filter->len *
BITS_PER_WORD".
We can easily detect this case when loading the individual filters.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'bloom.c')
-rw-r--r-- | bloom.c | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -75,6 +75,16 @@ static int load_bloom_filter_from_graph(struct commit_graph *g,
 	    check_bloom_offset(g, lex_pos - 1, start_index) < 0)
 		return 0;
 
+	if (end_index < start_index) {
+		warning("ignoring decreasing changed-path index offsets"
+			" (%"PRIuMAX" > %"PRIuMAX") for positions"
+			" %"PRIuMAX" and %"PRIuMAX" of %s",
+			(uintmax_t)start_index, (uintmax_t)end_index,
+			(uintmax_t)(lex_pos-1), (uintmax_t)lex_pos,
+			g->filename);
+		return 0;
+	}
+
 	filter->len = end_index - start_index;
 	filter->data = (unsigned char *)(g->chunk_bloom_data +
 					 sizeof(unsigned char) * start_index + |
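Review bot: The new guard rejects only strictly decreasing offsets, so `end_index == start_index` still falls through and the context line below sets `filter->len` to 0; if the consumer reduces hashes modulo `filter->len * BITS_PER_WORD` as the commit message describes, a zero length would need its own check there, unless an empty filter is already rejected before that point, which this hunk does not show. Consider documenting the intended contract above the guard, e.g. `/* equal offsets yield an empty filter; callers must treat len == 0 as "no filter" */`, or widening the guard to `<=` if that invariant does not hold. Separately, `(uintmax_t)(lex_pos-1)` in the warning arguments spaces the operator differently from `lex_pos - 1` in the context line at the top of the hunk; `(uintmax_t)(lex_pos - 1)` would match the surrounding style. load_bloom_filter_from_graph begins and ends outside this hunk.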