diff options
author | Jeff King <peff@peff.net> | 2016-02-25 15:23:26 +0100 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-02-25 20:32:46 +0100 |
commit | 13e0b0d3dc76353632dcb0bc63cdf03426154317 (patch) | |
tree | a9ecffdfc2b839b81fc7b4d5aa1e543639a9cec3 /t/t5313-pack-bounds-checks.sh | |
parent | nth_packed_object_offset: bounds-check extended offset (diff) | |
download | git-13e0b0d3dc76353632dcb0bc63cdf03426154317.tar.xz git-13e0b0d3dc76353632dcb0bc63cdf03426154317.zip |
use_pack: handle signed off_t overflow
A v2 pack index file can specify an offset within a packfile
of up to 2^64-1 bytes. On a system with a signed 64-bit
off_t, we can represent only up to 2^63-1. This means that a
corrupted .idx file can end up with a negative offset in the
pack code. Our bounds-checking use_pack function looks for
too-large offsets, but not for ones that have wrapped around
to negative. Let's do so, which fixes an out-of-bounds
access demonstrated in t5313.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to '')
-rwxr-xr-x | t/t5313-pack-bounds-checks.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/t/t5313-pack-bounds-checks.sh b/t/t5313-pack-bounds-checks.sh index 0717746479..a8a587abc3 100755 --- a/t/t5313-pack-bounds-checks.sh +++ b/t/t5313-pack-bounds-checks.sh @@ -136,7 +136,7 @@ test_expect_success 'bogus offset into v2 extended table' ' test_must_fail git index-pack --verify $pack ' -test_expect_failure 'bogus offset inside v2 extended table' ' +test_expect_success 'bogus offset inside v2 extended table' ' # We need two objects here, so we can plausibly require # an extended table (if the first object were larger than 2^31). do_pack "$object $(git rev-parse HEAD)" --index-version=2 && |