summaryrefslogtreecommitdiff
path: root/dir.c
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2018-06-14 23:44:43 -0400
committerJunio C Hamano <gitster@pobox.com>2018-06-18 09:13:57 -0700
commit1140bf01ecf4a49c32b3c385dd782cd183e730af (patch)
tree9253363dc076c4cf88cc60b93d1706fd38f3f0c5 /dir.c
parent9d2e330b1795222c2c816afa46138e7ff4ebec8e (diff)
downloadgit-1140bf01ecf4a49c32b3c385dd782cd183e730af.tar.gz
ewah: adjust callers of ewah_read_mmap()
The return value of ewah_read_mmap() is now an ssize_t, since we could (in theory) process up to 32GB of data. This would never happen in practice, but a corrupt or malicious .bitmap or index file could convince us to do so. Let's make sure that we don't stuff the value into an int, which would cause us to incorrectly move our pointer forward. We'd always move too little, since negative values are used for reporting errors. So the worst case is just that we end up reporting a corrupt file, not an out-of-bounds read. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'dir.c')
-rw-r--r--dir.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/dir.c b/dir.c
index 7c4b45e30e..c9714cfb40 100644
--- a/dir.c
+++ b/dir.c
@@ -2831,7 +2831,8 @@ struct untracked_cache *read_untracked_extension(const void *data, unsigned long
struct read_data rd;
const unsigned char *next = data, *end = (const unsigned char *)data + sz;
const char *ident;
- int ident_len, len;
+ int ident_len;
+ ssize_t len;
const char *exclude_per_dir;
if (sz <= 1 || end[-1] != '\0')