summaryrefslogtreecommitdiffstats
path: root/streaming.c
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2016-10-03 22:30:36 +0200
committerJunio C Hamano <gitster@pobox.com>2016-10-03 22:30:36 +0200
commit71a57ab32d211be19729c3afaf0a7c7283c7a4e2 (patch)
tree0e251211fd9fd99e0f7ab724084791db632608b7 /streaming.c
parentMerge branch 'nd/init-core-worktree-in-multi-worktree-world' (diff)
parentunpack_sha1_header(): detect malformed object header (diff)
downloadgit-71a57ab32d211be19729c3afaf0a7c7283c7a4e2.tar.xz
git-71a57ab32d211be19729c3afaf0a7c7283c7a4e2.zip
Merge branch 'jc/verify-loose-object-header'
Codepaths that read from an on-disk loose object were too loose in validating what they are reading is a proper object file and sometimes read past the data they read from the disk, which has been corrected. H/t to Gustavo Grieco for reporting. * jc/verify-loose-object-header: unpack_sha1_header(): detect malformed object header streaming: make sure to notice corrupt object
Diffstat (limited to 'streaming.c')
-rw-r--r--streaming.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/streaming.c b/streaming.c
index 3c48f049d3..3f017a1c05 100644
--- a/streaming.c
+++ b/streaming.c
@@ -337,17 +337,17 @@ static open_method_decl(loose)
st->u.loose.mapped = map_sha1_file(sha1, &st->u.loose.mapsize);
if (!st->u.loose.mapped)
return -1;
- if (unpack_sha1_header(&st->z,
- st->u.loose.mapped,
- st->u.loose.mapsize,
- st->u.loose.hdr,
- sizeof(st->u.loose.hdr)) < 0) {
+ if ((unpack_sha1_header(&st->z,
+ st->u.loose.mapped,
+ st->u.loose.mapsize,
+ st->u.loose.hdr,
+ sizeof(st->u.loose.hdr)) < 0) ||
+ (parse_sha1_header(st->u.loose.hdr, &st->size) < 0)) {
git_inflate_end(&st->z);
munmap(st->u.loose.mapped, st->u.loose.mapsize);
return -1;
}
- parse_sha1_header(st->u.loose.hdr, &st->size);
st->u.loose.hdr_used = strlen(st->u.loose.hdr) + 1;
st->u.loose.hdr_avail = st->z.total_out;
st->z_state = z_used;