| commit | 34de5b8eac2743497bc1785f661b4184adce21f3 | |
| author | Jonathan Tan <jonathantanmy@google.com> | |
| Wed, 10 Nov 2021 23:40:33 +0000 (10 15:40 -0800) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Thu, 11 Nov 2021 18:06:37 +0000 (11 10:06 -0800) | ||
| tree | 944d93d85a85c58141420663a68d91d95eeac0b5 | treesnapshot (tar.gz zip) |
| parent | 5fbd2fc5997dfa4d4593a862fe729b1e7a89bcf8 | commitdiff |
packfile: avoid overflowing shift during decode
unpack_object_header_buffer() attempts to protect against overflowing
left shifts, but the limit of the shift amount should not be the size of
the variable being shifted. It should be the size minus the size of its
contents. Fix that accordingly.
This was noticed at $DAYJOB by a fuzzer running internally.
Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
unpack_object_header_buffer() attempts to protect against overflowing
left shifts, but the limit of the shift amount should not be the size of
the variable being shifted. It should be the size minus the size of its
contents. Fix that accordingly.
This was noticed at $DAYJOB by a fuzzer running internally.
Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| packfile.c | diffblobblamehistory |