authorJunio C Hamano <gitster@pobox.com>2016-03-17 09:55:54 -0700
committerJunio C Hamano <gitster@pobox.com>2016-03-17 11:22:24 -0700
commit32c6dca8c428672c11a2a0ddf3cb2f7476caff86 (patch)
tree4b4f7532ab4b0be6b2b59d7ff4cf09956b5987fd /tree-diff.c
parenta2558fb8e1e387b630312311e1d22c95663da5d0 (diff)
parent2824e1841b99393d2469c495253d547c643bd8f1 (diff)
Merge branch 'jk/path-name-safety-2.4' into maint-2.4
Bugfix patches were backported from the 'master' front to plug heap corruption holes, to catch integer overflow in the computation of pathname lengths, and to get rid of the name_path API. Both of these would have resulted in writing over an under-allocated buffer when formulating pathnames during tree traversal. * jk/path-name-safety-2.4: list-objects: pass full pathname to callbacks list-objects: drop name_path entirely list-objects: convert name_path to a strbuf show_object_with_name: simplify by using path_name() http-push: stop using name_path tree-diff: catch integer overflow in combine_diff_path allocation add helpers for detecting size_t overflow
Diffstat (limited to 'tree-diff.c')
-rw-r--r--tree-diff.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/tree-diff.c b/tree-diff.c
index e7b378c8b..4b32d4067 100644
--- a/tree-diff.c
+++ b/tree-diff.c
@@ -124,8 +124,8 @@ static struct combine_diff_path *path_appendnew(struct combine_diff_path *last,
unsigned mode, const unsigned char *sha1)
{
struct combine_diff_path *p;
- int len = base->len + pathlen;
- int alloclen = combine_diff_path_size(nparent, len);
+ size_t len = st_add(base->len, pathlen);
+ size_t alloclen = combine_diff_path_size(nparent, len);
/* if last->next is !NULL - it is a pre-allocated memory, we can reuse */
p = last->next;
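Review bot: Only the `base->len + pathlen` sum is overflow-checked by `st_add()` here; `alloclen` on the next line still depends on `combine_diff_path_size()`, whose definition is not part of this file's diff, so it is worth confirming that it combines `nparent` and `len` with checked arithmetic rather than plain `+` and `*`. `path_appendnew()` continues past the end of the hunk, and any later use that narrows `len` or `alloclen` back to `int` (a struct field, a signed comparison) would undo the widening, so those uses deserve the same look. A short comment above the two declarations would keep the intent from being lost, e.g. `/* size_t + st_add(): an over-long path must die() here, never wrap into a short allocation */`.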