blob: validate that blob sizes fit in a size_t

Our blob size is a `git_off_t`, which is a signed 64 bit int. This may be erroneously negative or larger than `SIZE_MAX`. Ensure that the blob size fits into a `size_t` before casting.
author: Edward Thomson <ethomson@edwardthomson.com> 2019-01-20 22:40:38 +0000
committer: Edward Thomson <ethomson@edwardthomson.com> 2019-01-25 22:36:38 +0000
commit: c6cac733c147ff800f78e7dff81f90d93369ea68 (patch)
tree: 8defbbcee3413d3524a0a98b6aa3172811e6cf7e /src/reader.c
parent: 3aa6d96a230d15620df0c6ea2ecaae54f5b49941 (diff)
download: libgit2-c6cac733c147ff800f78e7dff81f90d93369ea68.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/src/reader.c b/src/reader.c
index c374c4687..1a4844698 100644
--- a/src/reader.c
+++ b/src/reader.c
@@ -32,11 +32,17 @@ static int tree_reader_read(
 	tree_reader *reader = (tree_reader *)_reader;
 	git_tree_entry *tree_entry = NULL;
 	git_blob *blob = NULL;
+	git_off_t blobsize;
 	int error;
 
 	if ((error = git_tree_entry_bypath(&tree_entry, reader->tree, filename)) < 0 ||
-	    (error = git_blob_lookup(&blob, git_tree_owner(reader->tree), git_tree_entry_id(tree_entry))) < 0 ||
-	    (error = git_buf_set(out, git_blob_rawcontent(blob), git_blob_rawsize(blob))) < 0)
+	    (error = git_blob_lookup(&blob, git_tree_owner(reader->tree), git_tree_entry_id(tree_entry))) < 0)
+		goto done;
+
+	blobsize = git_blob_rawsize(blob);
+	GIT_ERROR_CHECK_BLOBSIZE(blobsize);
+
+	if ((error = git_buf_set(out, git_blob_rawcontent(blob), (size_t)blobsize)) < 0)
 		goto done;
 
 	if (out_id)
author	Edward Thomson <ethomson@edwardthomson.com>	2019-01-20 22:40:38 +0000
committer	Edward Thomson <ethomson@edwardthomson.com>	2019-01-25 22:36:38 +0000
commit	c6cac733c147ff800f78e7dff81f90d93369ea68 (patch)
tree	8defbbcee3413d3524a0a98b6aa3172811e6cf7e /src/reader.c
parent	3aa6d96a230d15620df0c6ea2ecaae54f5b49941 (diff)
download	libgit2-c6cac733c147ff800f78e7dff81f90d93369ea68.tar.gz