diff options
author | Patrick Steinhardt <ps@pks.im> | 2016-02-23 11:23:26 +0100 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2016-02-23 12:07:14 +0100 |
commit | 0f1e2d2066115e62fd7396e0f436b4a5dd8384cd (patch) | |
tree | 1a1bd1bb3a67d671d135d7f3b7a74e73a3ec2e92 | |
parent | 7808c93797b3fa9f552bd2e24672089b8d27ad2a (diff) | |
download | libgit2-0f1e2d2066115e62fd7396e0f436b4a5dd8384cd.tar.gz |
index: fix contradicting comparison
The overflow check in `read_reuc` tries to verify if the
`git__strtol32` parses an integer bigger than UINT_MAX. The `tmp`
variable is casted to an unsigned int for this and then checked
for being greater than UINT_MAX, which obviously can never be
true.
Fix this by instead fixing the `mode` field's size in `struct
git_index_reuc_entry` to `uint32_t`. We can now parse the int
with `git__strtol64`, which can never return a value bigger than
`UINT32_MAX`, and additionally checking if the returned value is
smaller than zero.
We do not need to handle overflows explicitly here, as
`git__strtol64` returns an error when the returned value would
overflow.
-rw-r--r-- | include/git2/sys/index.h | 2 | ||||
-rw-r--r-- | src/index.c | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/include/git2/sys/index.h b/include/git2/sys/index.h index 29a99f798..2e2b87e68 100644 --- a/include/git2/sys/index.h +++ b/include/git2/sys/index.h @@ -25,7 +25,7 @@ typedef struct git_index_name_entry { /** Representation of a resolve undo entry in the index. */ typedef struct git_index_reuc_entry { - unsigned int mode[3]; + uint32_t mode[3]; git_oid oid[3]; char *path; } git_index_reuc_entry; diff --git a/src/index.c b/src/index.c index 85c2f8ea8..483f7af7c 100644 --- a/src/index.c +++ b/src/index.c @@ -2135,11 +2135,11 @@ static int read_reuc(git_index *index, const char *buffer, size_t size) /* read 3 ASCII octal numbers for stage entries */ for (i = 0; i < 3; i++) { - int tmp; + int64_t tmp; - if (git__strtol32(&tmp, buffer, &endptr, 8) < 0 || + if (git__strtol64(&tmp, buffer, &endptr, 8) < 0 || !endptr || endptr == buffer || *endptr || - (unsigned)tmp > UINT_MAX) { + tmp < 0) { index_entry_reuc_free(lost); return index_error_invalid("reading reuc entry stage"); } |