diff options
| author | Jeff King <peff@peff.net> | 2017-09-13 14:47:22 -0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2017-09-14 15:18:00 +0900 |
| commit | f48ecd38cb86b86f01914e875d74c92c077bf493 (patch) | |
| tree | fd748b19e8b0a667312b776c638b6f4ac55d2dcd /pkt-line.c | |
| parent | d9bd4cbb9cce9f872cc4427d1c27a62c6768b12a (diff) | |
| download | git-f48ecd38cb86b86f01914e875d74c92c077bf493.tar.gz git-f48ecd38cb86b86f01914e875d74c92c077bf493.tar.xz | |
read_pack_header: handle signed/unsigned comparison in read result
The result of read_in_full() may be -1 if we saw an error.
But in comparing it to a sizeof() result, that "-1" will be
promoted to size_t. In fact, the largest possible size_t
which is much bigger than our struct size. This means that
our "< sizeof(header)" error check won't trigger.
In practice, we'd go on to read uninitialized memory and
compare it to the PACK signature, which is likely to fail.
But we shouldn't get there.
We can fix this by making a direct "!=" comparison to the
requested size, rather than "<". This means that errors get
lumped in with short reads, but that's sufficient for our
purposes here. There's no PH_ERROR tp represent our case.
And anyway, this function reads from pipes and network
sockets. A network error may racily appear as EOF to us
anyway if there's data left in the socket buffers.
Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'pkt-line.c')
0 files changed, 0 insertions, 0 deletions