summaryrefslogtreecommitdiffstats
path: root/sha1-name.c
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2019-10-07 04:32:57 +0200
committerJunio C Hamano <gitster@pobox.com>2019-10-07 04:32:57 +0200
commit773521df2689cc3ada76495c5b4061753b510d32 (patch)
treec88cd2a7656537094bf73e7c5745213ed8e81e70 /sha1-name.c
parentMerge branch 'dl/submodule-set-branch' (diff)
parentsha1-name: check for overflow of N in "foo^N" and "foo~N" (diff)
downloadgit-773521df2689cc3ada76495c5b4061753b510d32.tar.xz
git-773521df2689cc3ada76495c5b4061753b510d32.zip
Merge branch 'rs/nth-parent-parse'
The object name parser for "Nth parent" syntax has been made more robust against integer overflows. * rs/nth-parent-parse: sha1-name: check for overflow of N in "foo^N" and "foo~N" rev-parse: demonstrate overflow of N for "foo^N" and "foo~N"
Diffstat (limited to 'sha1-name.c')
-rw-r--r--sha1-name.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/sha1-name.c b/sha1-name.c
index c665e3f96d..7a047e9e2b 100644
--- a/sha1-name.c
+++ b/sha1-name.c
@@ -1160,13 +1160,22 @@ static enum get_oid_result get_oid_1(struct repository *r,
}
if (has_suffix) {
- int num = 0;
+ unsigned int num = 0;
int len1 = cp - name;
cp++;
- while (cp < name + len)
- num = num * 10 + *cp++ - '0';
+ while (cp < name + len) {
+ unsigned int digit = *cp++ - '0';
+ if (unsigned_mult_overflows(num, 10))
+ return MISSING_OBJECT;
+ num *= 10;
+ if (unsigned_add_overflows(num, digit))
+ return MISSING_OBJECT;
+ num += digit;
+ }
if (!num && len1 == len - 1)
num = 1;
+ else if (num > INT_MAX)
+ return MISSING_OBJECT;
if (has_suffix == '^')
return get_parent(r, name, len1, oid, num);
/* else if (has_suffix == '~') -- goes without saying */