Add a minimum size check when opening an v2 pack index file

Signed-off-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk>

1 files changed, 8 insertions, 0 deletions

diff --git a/src/odb.c b/src/odb.c
index 0985c00bc..5e95e5342 100644
--- a/src/odb.c
+++ b/src/odb.c
@@ -746,6 +746,7 @@ static int pack_openidx_v2(git_pack *p)
 	unsigned char *data = p->idx_map.data;
 	uint32_t *src_fanout = (uint32_t *)(data + 8);
 	uint32_t *im_fanout;
+	size_t sz;
 	int j;
 
 	if ((im_fanout = git__malloc(sizeof(*im_fanout) * 256)) == NULL)
@@ -761,6 +762,13 @@ static int pack_openidx_v2(git_pack *p)
 	}
 	p->obj_cnt = im_fanout[255];
 
+	/* minimum size of .idx file (with empty 64-bit offsets table): */
+	sz = 4 + 4 + 256 * 4 + p->obj_cnt * (20 + 4 + 4) + 2 * 20;
+	if (p->idx_map.len < sz) {
+		free(im_fanout);
+		return GIT_ERROR;
+	}
+
 	p->idx_search = idxv2_search;
 	p->im_fanout = im_fanout;
 	p->im_oid = (unsigned char *)(src_fanout + 256);