2 files changed, 60 insertions, 1 deletions

diff --git a/builtin-apply.c b/builtin-apply.c
index 25b1447901..976ec77041 100644
--- a/builtin-apply.c
+++ b/builtin-apply.c
@@ -1514,7 +1514,8 @@ static int find_offset(const char *buf, unsigned long size, const char *fragment
 	}
 
 	/* Exact line number? */
-	if (!memcmp(buf + start, fragment, fragsize))
+	if ((start + fragsize <= size) &&
+	    !memcmp(buf + start, fragment, fragsize))
 		return start;
 
 	/*
diff --git a/t/t4123-apply-shrink.sh b/t/t4123-apply-shrink.sh
new file mode 100755
index 0000000000..984157f03b
--- /dev/null
+++ b/t/t4123-apply-shrink.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+test_description='apply a patch that is larger than the preimage'
+
+. ./test-lib.sh
+
+cat >F  <<\EOF
+1
+2
+3
+4
+5
+6
+7
+8
+999999
+A
+B
+C
+D
+E
+F
+G
+H
+I
+J
+
+EOF
+
+test_expect_success setup '
+
+	git add F &&
+	mv F G &&
+	sed -e "s/1/11/" -e "s/999999/9/" -e "s/H/HH/" <G >F &&
+	git diff >patch &&
+	sed -e "/^\$/d" <G >F &&
+	git add F
+
+'
+
+test_expect_success 'apply should fail gracefully' '
+
+	if git apply --index patch
+	then
+		echo Oops, should not have succeeded
+		false
+	else
+		status=$?
+		echo "Status was $status"
+		if test -f .git/index.lock
+		then
+			echo Oops, should not have crashed
+			false
+		fi
+	fi
+'
+
+test_done