diff options
| author | Taylor Blau <me@ttaylorr.com> | 2024-06-11 13:28:24 -0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2024-06-11 16:08:28 -0700 |
| commit | e162aed591154612cbc646ab19808096d226fce5 (patch) | |
| tree | 42175f25903d173185931ed7a5af6d20953e27f8 | |
| parent | pack-bitmap.c: avoid uninitialized `pack_int_id` during reuse (diff) | |
| download | git-e162aed591154612cbc646ab19808096d226fce5.tar.gz git-e162aed591154612cbc646ab19808096d226fce5.zip | |
pack-revindex.c: guard against out-of-bounds pack lookups
The function midx_key_to_pack_pos() is a helper function used by
midx_to_pack_pos() and midx_pair_to_pack_pos() to translate a (pack,
offset) tuple into a position into the MIDX pseudo-pack order.
Ensure that the pack ID given to midx_pair_to_pack_pos() is bounded by
the number of packs within the MIDX to prevent, for instance,
uninitialized memory from being used as a pack ID.
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | pack-revindex.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pack-revindex.c b/pack-revindex.c index fc63aa76a2..93ffca7731 100644 --- a/pack-revindex.c +++ b/pack-revindex.c @@ -527,6 +527,9 @@ static int midx_key_to_pack_pos(struct multi_pack_index *m, { uint32_t *found; + if (key->pack >= m->num_packs) + BUG("MIDX pack lookup out of bounds (%"PRIu32" >= %"PRIu32")", + key->pack, m->num_packs); /* * The preferred pack sorts first, so determine its identifier by * looking at the first object in pseudo-pack order. |