Re: [PATCH 11/11] reftable/table: fix OOB read on truncated table

Git development
 help / color / mirror / Atom feed

From: Patrick Steinhardt <ps@pks.im>
To: oxsignal <awo@kakao.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 11/11] reftable/table: fix OOB read on truncated table
Date: Wed, 24 Jun 2026 11:46:27 +0200	[thread overview]
Message-ID: <ajuncy95aopgDt-b@pks.im> (raw)
In-Reply-To: <20260624181426.NJDNpVd1RE-qJjBVh5jtQg@awo.kakao.com>

On Wed, Jun 24, 2026 at 06:14:26PM +0900, oxsignal wrote:
> Hi Patrick,
> 
> Thanks for the patch series, for adding the dedicated reftable fuzzer, and for
> the credit.
> 
> I reviewed the cover letter and the reftable hardening patches. Patch 05/11
> matches the OOB write case I reported:
> the new minimum block-size validation before handling the log block prevents
> the bogus inflated-size underflow from reaching the inflate/copy path.
> 
> The rest of the series also looks like a good cleanup of the corrupted reftable
> parser surface, especially the restart-count/restart-offset and truncated-table
> checks.
> If I find any remaining malformed-table case that is not covered by this
> series, I will follow up with the reproducer.
> 
> Thanks again for handling this so quickly.

Perfect, thanks for the report and reading through the patches!

Patrick

next      parent reply	other threads:[~2026-06-24  9:46 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20260624181426.NJDNpVd1RE-qJjBVh5jtQg@awo.kakao.com>
2026-06-24  9:46 ` Patrick Steinhardt [this message]
2026-06-24  8:23 [PATCH 00/11] reftable: harden against corrupted tables Patrick Steinhardt
2026-06-24  8:23 ` [PATCH 11/11] reftable/table: fix OOB read on truncated table Patrick Steinhardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ajuncy95aopgDt-b@pks.im \
    --to=ps@pks.im \
    --cc=awo@kakao.com \
    --cc=git@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox