summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2017-09-13 14:47:22 -0400
committerJunio C Hamano <gitster@pobox.com>2017-09-14 15:18:00 +0900
commitf48ecd38cb86b86f01914e875d74c92c077bf493 (patch)
treefd748b19e8b0a667312b776c638b6f4ac55d2dcd
parentd9bd4cbb9cce9f872cc4427d1c27a62c6768b12a (diff)
downloadgit-jk/write-in-full-fix.tar.gz
read_pack_header: handle signed/unsigned comparison in read resultjk/write-in-full-fix
The result of read_in_full() may be -1 if we saw an error. But in comparing it to a sizeof() result, that "-1" will be promoted to size_t. In fact, the largest possible size_t which is much bigger than our struct size. This means that our "< sizeof(header)" error check won't trigger. In practice, we'd go on to read uninitialized memory and compare it to the PACK signature, which is likely to fail. But we shouldn't get there. We can fix this by making a direct "!=" comparison to the requested size, rather than "<". This means that errors get lumped in with short reads, but that's sufficient for our purposes here. There's no PH_ERROR tp represent our case. And anyway, this function reads from pipes and network sockets. A network error may racily appear as EOF to us anyway if there's data left in the socket buffers. Signed-off-by: Jeff King <peff@peff.net> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--sha1_file.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/sha1_file.c b/sha1_file.c
index 4fa4b185f3..20a9d39c00 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -3722,7 +3722,7 @@ int index_path(unsigned char *sha1, const char *path, struct stat *st, unsigned
int read_pack_header(int fd, struct pack_header *header)
{
- if (read_in_full(fd, header, sizeof(*header)) < sizeof(*header))
+ if (read_in_full(fd, header, sizeof(*header)) != sizeof(*header))
/* "eof before pack header was fully read" */
return PH_ERROR_EOF;