summaryrefslogtreecommitdiff
path: root/sha1-name.c
diff options
context:
space:
mode:
authorRené Scharfe <l.s.r@web.de>2019-09-15 14:10:28 +0200
committerJunio C Hamano <gitster@pobox.com>2019-09-16 12:50:33 -0700
commit59fa5f5a25d9ccc57558ac44cce83d37ac1cec58 (patch)
treee2fa7a954b44962ce6696c5be7f57349828e65e3 /sha1-name.c
parenta678df1bf928caeeef642ef07f73484a580fea57 (diff)
downloadgit-59fa5f5a25d9ccc57558ac44cce83d37ac1cec58.tar.gz
sha1-name: check for overflow of N in "foo^N" and "foo~N"
Reject values that don't fit into an int, as get_parent() and get_nth_ancestor() cannot handle them. That's better than potentially returning a random object. If this restriction turns out to be too tight then we can switch to a wider data type, but we'd still have to check for overflow. Signed-off-by: René Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'sha1-name.c')
-rw-r--r--sha1-name.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/sha1-name.c b/sha1-name.c
index 728e6f1f61..ea0bf6970e 100644
--- a/sha1-name.c
+++ b/sha1-name.c
@@ -1163,13 +1163,22 @@ static enum get_oid_result get_oid_1(struct repository *r,
}
if (has_suffix) {
- int num = 0;
+ unsigned int num = 0;
int len1 = cp - name;
cp++;
- while (cp < name + len)
- num = num * 10 + *cp++ - '0';
+ while (cp < name + len) {
+ unsigned int digit = *cp++ - '0';
+ if (unsigned_mult_overflows(num, 10))
+ return MISSING_OBJECT;
+ num *= 10;
+ if (unsigned_add_overflows(num, digit))
+ return MISSING_OBJECT;
+ num += digit;
+ }
if (!num && len1 == len - 1)
num = 1;
+ else if (num > INT_MAX)
+ return MISSING_OBJECT;
if (has_suffix == '^')
return get_parent(r, name, len1, oid, num);
/* else if (has_suffix == '~') -- goes without saying */