diff options
author | Edward Thomson <ethomson@edwardthomson.com> | 2019-01-20 22:40:38 +0000 |
---|---|---|
committer | Edward Thomson <ethomson@edwardthomson.com> | 2019-01-25 22:36:38 +0000 |
commit | c6cac733c147ff800f78e7dff81f90d93369ea68 (patch) | |
tree | 8defbbcee3413d3524a0a98b6aa3172811e6cf7e /src/notes.c | |
parent | 3aa6d96a230d15620df0c6ea2ecaae54f5b49941 (diff) | |
download | libgit2-c6cac733c147ff800f78e7dff81f90d93369ea68.tar.gz |
blob: validate that blob sizes fit in a size_t
Our blob size is a `git_off_t`, which is a signed 64 bit int. This may
be erroneously negative or larger than `SIZE_MAX`. Ensure that the blob
size fits into a `size_t` before casting.
Diffstat (limited to 'src/notes.c')
-rw-r--r-- | src/notes.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/notes.c b/src/notes.c index 2931353d3..8e622c64a 100644 --- a/src/notes.c +++ b/src/notes.c @@ -12,6 +12,7 @@ #include "config.h" #include "iterator.h" #include "signature.h" +#include "blob.h" static int note_error_notfound(void) { @@ -319,6 +320,7 @@ static int note_new( git_blob *blob) { git_note *note = NULL; + git_off_t blobsize; note = git__malloc(sizeof(git_note)); GIT_ERROR_CHECK_ALLOC(note); @@ -329,7 +331,10 @@ static int note_new( git_signature_dup(¬e->committer, git_commit_committer(commit)) < 0) return -1; - note->message = git__strndup(git_blob_rawcontent(blob), git_blob_rawsize(blob)); + blobsize = git_blob_rawsize(blob); + GIT_ERROR_CHECK_BLOBSIZE(blobsize); + + note->message = git__strndup(git_blob_rawcontent(blob), (size_t)blobsize); GIT_ERROR_CHECK_ALLOC(note->message); *out = note; |