diff options
author | Edward Thomson <ethomson@edwardthomson.com> | 2017-12-23 10:52:08 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-23 10:52:08 +0000 |
commit | 30d9176013cbaaced4b94f11717d259909bb8f81 (patch) | |
tree | 38e0318bb5549110cd2f56ddc03387c124529bef | |
parent | 1ddc57b3d377221345a881642f2726cd718fe8ca (diff) | |
parent | 53f2c6b1d8907e1716ea4eb643868da445e36f54 (diff) | |
download | libgit2-30d9176013cbaaced4b94f11717d259909bb8f81.tar.gz |
Merge pull request #4435 from lhchavez/ubsan-shift-overflow
libFuzzer: Prevent a potential shift overflow
-rw-r--r-- | src/pack.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/pack.c b/src/pack.c index 7fd95c905..b87d22d53 100644 --- a/src/pack.c +++ b/src/pack.c @@ -934,19 +934,19 @@ git_off_t get_delta_base( if (type == GIT_OBJ_OFS_DELTA) { unsigned used = 0; unsigned char c = base_info[used++]; - base_offset = c & 127; + size_t unsigned_base_offset = c & 127; while (c & 128) { if (left <= used) return GIT_EBUFS; - base_offset += 1; - if (!base_offset || MSB(base_offset, 7)) + unsigned_base_offset += 1; + if (!unsigned_base_offset || MSB(unsigned_base_offset, 7)) return 0; /* overflow */ c = base_info[used++]; - base_offset = (base_offset << 7) + (c & 127); + unsigned_base_offset = (unsigned_base_offset << 7) + (c & 127); } - base_offset = delta_obj_offset - base_offset; - if (base_offset <= 0 || base_offset >= delta_obj_offset) + if (unsigned_base_offset == 0 || (size_t)delta_obj_offset <= unsigned_base_offset) return 0; /* out of bound */ + base_offset = delta_obj_offset - unsigned_base_offset; *curpos += used; } else if (type == GIT_OBJ_REF_DELTA) { /* If we have the cooperative cache, search in it first */ |