[PATCH 02/20] packfile.c: prevent overflow in `load_idx()`

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Taylor Blau <me@ttaylorr.com>
To: git@vger.kernel.org
Cc: Derrick Stolee <derrickstolee@github.com>,
	Jeff King <peff@peff.net>,
	Johannes Schindelin <Johannes.Schindelin@gmx.de>,
	Junio C Hamano <gitster@pobox.com>,
	Victoria Dye <vdye@github.com>
Subject: [PATCH 02/20] packfile.c: prevent overflow in `load_idx()`
Date: Wed, 12 Jul 2023 19:37:30 -0400	[thread overview]
Message-ID: <d6902cd9e7f7f2a6b8044c8fb782a28c23e15600.1689205042.git.me@ttaylorr.com> (raw)
In-Reply-To: <cover.1689205042.git.me@ttaylorr.com>

Prevent an overflow when locating a pack's CRC offset when the number
of packed items is greater than 2^32-1/hashsz by guarding the
computation with an `st_mult()`.

Signed-off-by: Taylor Blau <me@ttaylorr.com>
---
 packfile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packfile.c b/packfile.c
index 89220f0e03..70acf1694b 100644
--- a/packfile.c
+++ b/packfile.c
@@ -186,7 +186,7 @@ int load_idx(const char *path, const unsigned int hashsz, void *idx_map,
 		     */
 		    (sizeof(off_t) <= 4))
 			return error("pack too large for current definition of off_t in %s", path);
-		p->crc_offset = 8 + 4 * 256 + nr * hashsz;
+		p->crc_offset = st_add(8 + 4 * 256, st_mult(nr, hashsz));
 	}
 
 	p->index_version = version;
-- 
2.41.0.347.g7b976b8871f

next prev parent reply	other threads:[~2023-07-12 23:37 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-12 23:37 [PATCH 00/20] guard object lookups against 32-bit overflow Taylor Blau
2023-07-12 23:37 ` [PATCH 01/20] packfile.c: prevent overflow in `nth_packed_object_id()` Taylor Blau
2023-07-12 23:37 ` Taylor Blau [this message]
2023-07-13  8:21   ` [PATCH 02/20] packfile.c: prevent overflow in `load_idx()` Phillip Wood
2023-07-13 14:24     ` Taylor Blau
2023-07-14  0:54       ` Taylor Blau
2023-07-14  9:56         ` Phillip Wood
2023-07-14 16:29         ` Junio C Hamano
2023-07-14  9:55       ` Phillip Wood
2023-07-13 16:14     ` Junio C Hamano
2023-07-12 23:37 ` [PATCH 03/20] packfile.c: use checked arithmetic in `nth_packed_object_offset()` Taylor Blau
2023-07-12 23:37 ` [PATCH 04/20] midx.c: use `size_t`'s for fanout nr and alloc Taylor Blau
2023-07-12 23:37 ` [PATCH 05/20] midx.c: prevent overflow in `nth_midxed_object_oid()` Taylor Blau
2023-07-12 23:37 ` [PATCH 06/20] midx.c: prevent overflow in `nth_midxed_offset()` Taylor Blau
2023-07-12 23:37 ` [PATCH 07/20] midx.c: store `nr`, `alloc` variables as `size_t`'s Taylor Blau
2023-07-12 23:37 ` [PATCH 08/20] midx.c: prevent overflow in `write_midx_internal()` Taylor Blau
2023-07-12 23:37 ` [PATCH 09/20] midx.c: prevent overflow in `fill_included_packs_batch()` Taylor Blau
2023-07-12 23:37 ` [PATCH 10/20] pack-bitmap.c: ensure that eindex lookups don't overflow Taylor Blau
2023-07-12 23:37 ` [PATCH 11/20] commit-graph.c: prevent overflow in `write_commit_graph_file()` Taylor Blau
2023-07-12 23:37 ` [PATCH 12/20] commit-graph.c: prevent overflow in add_graph_to_chain() Taylor Blau
2023-07-12 23:38 ` [PATCH 13/20] commit-graph.c: prevent overflow in `load_oid_from_graph()` Taylor Blau
2023-07-12 23:38 ` [PATCH 14/20] commit-graph.c: prevent overflow in `fill_commit_graph_info()` Taylor Blau
2023-07-12 23:38 ` [PATCH 15/20] commit-graph.c: prevent overflow in `fill_commit_in_graph()` Taylor Blau
2023-07-12 23:38 ` [PATCH 16/20] commit-graph.c: prevent overflow in `load_tree_for_commit()` Taylor Blau
2023-07-12 23:38 ` [PATCH 17/20] commit-graph.c: prevent overflow in `split_graph_merge_strategy()` Taylor Blau
2023-07-12 23:38 ` [PATCH 18/20] commit-graph.c: prevent overflow in `merge_commit_graph()` Taylor Blau
2023-07-12 23:38 ` [PATCH 19/20] commit-graph.c: prevent overflow in `write_commit_graph()` Taylor Blau
2023-07-12 23:38 ` [PATCH 20/20] commit-graph.c: prevent overflow in `verify_commit_graph()` Taylor Blau

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:89220f0e0 dfblob:70acf1694 )
 OR (
bs:"[PATCH 02/20] packfile.c: prevent overflow in `load_idx()`" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d6902cd9e7f7f2a6b8044c8fb782a28c23e15600.1689205042.git.me@ttaylorr.com \
    --to=me@ttaylorr.com \
    --cc=Johannes.Schindelin@gmx.de \
    --cc=derrickstolee@github.com \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=peff@peff.net \
    --cc=vdye@github.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).