Use `size_t` to hold size of arrays

Use `size_t` to hold the size of arrays to ease overflow checking, lest we check for overflow of a `size_t` then promptly truncate by packing the length into a smaller type.
author: Edward Thomson <ethomson@microsoft.com> 2015-02-11 11:20:05 -0500
committer: Edward Thomson <ethomson@edwardthomson.com> 2015-02-12 22:54:47 -0500
commit: ec3b4d35f636c26d3c9b5703c3b7f87683800af8 (patch)
tree: a1d4330c4efaa1b7097f64f4243224e0581a5b2e /src/pack-objects.c
parent: 2884cc42de8b20a58cec8488d014a853d47c047e (diff)
download: libgit2-ec3b4d35f636c26d3c9b5703c3b7f87683800af8.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/src/pack-objects.c b/src/pack-objects.c
index 288077078..9b56234b5 100644
--- a/src/pack-objects.c
+++ b/src/pack-objects.c
@@ -190,6 +190,7 @@ int git_packbuilder_insert(git_packbuilder *pb, const git_oid *oid,
 {
 	git_pobject *po;
 	khiter_t pos;
+	size_t newsize;
 	int ret;
 
 	assert(pb && oid);
@@ -203,7 +204,14 @@ int git_packbuilder_insert(git_packbuilder *pb, const git_oid *oid,
 	if (pb->nr_objects >= pb->nr_alloc) {
 		GITERR_CHECK_ALLOC_ADD(pb->nr_alloc, 1024);
 		GITERR_CHECK_ALLOC_MULTIPLY(pb->nr_alloc + 1024, 3 / 2);
-		pb->nr_alloc = (pb->nr_alloc + 1024) * 3 / 2;
+		newsize = (pb->nr_alloc + 1024) * 3 / 2;
+
+		if (!git__is_uint32(newsize)) {
+			giterr_set(GITERR_NOMEMORY, "Packfile too large to fit in memory.");
+			return -1;
+		}
+
+		pb->nr_alloc = (uint32_t)newsize;
 
 		pb->object_list = git__reallocarray(pb->object_list,
 			pb->nr_alloc, sizeof(*po));
author	Edward Thomson <ethomson@microsoft.com>	2015-02-11 11:20:05 -0500
committer	Edward Thomson <ethomson@edwardthomson.com>	2015-02-12 22:54:47 -0500
commit	ec3b4d35f636c26d3c9b5703c3b7f87683800af8 (patch)
tree	a1d4330c4efaa1b7097f64f4243224e0581a5b2e /src/pack-objects.c
parent	2884cc42de8b20a58cec8488d014a853d47c047e (diff)
download	libgit2-ec3b4d35f636c26d3c9b5703c3b7f87683800af8.tar.gz