diff options
| author | Yong Li <yong@topologyinc.com> | 2015-12-24 10:04:44 -0500 |
|---|---|---|
| committer | Yong Li <yong@topologyinc.com> | 2016-01-04 10:47:00 -0500 |
| commit | b3eb2cde2bf6cf1011324eb594087b7c93a02a41 (patch) | |
| tree | 9583a7fcc6854ef963eefde019d6cf99bb425fcc | |
| parent | 3d29b12c9c8ba3272bbc5523fccde96c06ee6b83 (diff) | |
| download | libgit2-b3eb2cde2bf6cf1011324eb594087b7c93a02a41.tar.gz | |
Avoid subtraction overflow in git_indexer_commit
| -rw-r--r-- | src/indexer.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/indexer.c b/src/indexer.c index 9aa092556..6e9af06a5 100644 --- a/src/indexer.c +++ b/src/indexer.c @@ -914,12 +914,17 @@ int git_indexer_commit(git_indexer *idx, git_transfer_progress *stats) git_filebuf index_file = {0}; void *packfile_trailer; + if (!idx->parsed_header) { + giterr_set(GITERR_INDEXER, "incomplete pack header"); + return -1; + } + if (git_hash_ctx_init(&ctx) < 0) return -1; /* Test for this before resolve_deltas(), as it plays with idx->off */ - if (idx->off < idx->pack->mwf.size - 20) { - giterr_set(GITERR_INDEXER, "Unexpected data at the end of the pack"); + if (idx->off + 20 < idx->pack->mwf.size) { + giterr_set(GITERR_INDEXER, "unexpected data at the end of the pack"); return -1; } |