From 2855d58079cd56361879cc03f7c769409bb445e5 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Mon, 17 Apr 2006 17:46:07 -0700 Subject: packed_object_info_detail(): check for corrupt packfile. Serge E. Hallyn noticed that we compute how many input bytes are still left, but did not use it for sanity checking. Signed-off-by: Junio C Hamano --- sha1_file.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sha1_file.c b/sha1_file.c index e3d011309a..f2d33afb27 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -874,17 +874,19 @@ void packed_object_info_detail(struct pack_entry *e, unsigned char *base_sha1) { struct packed_git *p = e->p; - unsigned long offset, left; + unsigned long offset; unsigned char *pack; enum object_type kind; offset = unpack_object_header(p, e->offset, &kind, size); pack = p->pack_base + offset; - left = p->pack_size - offset; if (kind != OBJ_DELTA) *delta_chain_length = 0; else { unsigned int chain_length = 0; + if (p->pack_size <= offset + 20) + die("pack file %s records an incomplete delta base", + p->pack_name); memcpy(base_sha1, pack, 20); do { struct pack_entry base_ent; -- cgit v1.2.1