libFuzzer: Fix missing trailer crash

This change fixes an invalid memory access when the trailer is missing / corrupt. Found using libFuzzer.
author: lhchavez <lhchavez@lhchavez.com> 2017-12-06 03:03:18 +0000
committer: lhchavez <lhchavez@lhchavez.com> 2017-12-08 14:37:46 +0000
commit: c8aaba2441315680c60a98c73d538922f5ccd33e (patch)
tree: 390ec6635b7bd2f223380496165e8588ec09b692 /src/indexer.c
parent: 1bf173c33a217a2e4766d8c144b7935010dfa7d6 (diff)
download: libgit2-c8aaba2441315680c60a98c73d538922f5ccd33e.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/indexer.c b/src/indexer.c
index aedefe523..7eec0d612 100644
--- a/src/indexer.c
+++ b/src/indexer.c
@@ -951,6 +951,10 @@ int git_indexer_commit(git_indexer *idx, git_transfer_progress *stats)
 		giterr_set(GITERR_INDEXER, "unexpected data at the end of the pack");
 		return -1;
 	}
+	if (idx->off + 20 > idx->pack->mwf.size) {
+		giterr_set(GITERR_INDEXER, "missing trailer at the end of the pack");
+		return -1;
+	}
 
 	packfile_trailer = git_mwindow_open(&idx->pack->mwf, &w, idx->pack->mwf.size - GIT_OID_RAWSZ, GIT_OID_RAWSZ, &left);
 	if (packfile_trailer == NULL) {
author	lhchavez <lhchavez@lhchavez.com>	2017-12-06 03:03:18 +0000
committer	lhchavez <lhchavez@lhchavez.com>	2017-12-08 14:37:46 +0000
commit	c8aaba2441315680c60a98c73d538922f5ccd33e (patch)
tree	390ec6635b7bd2f223380496165e8588ec09b692 /src/indexer.c
parent	1bf173c33a217a2e4766d8c144b7935010dfa7d6 (diff)
download	libgit2-c8aaba2441315680c60a98c73d538922f5ccd33e.tar.gz