From 2b32806bc4734cb4e1f450276e98ff362b5224d3 Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt
Date: Thu, 18 Oct 2018 11:25:59 +0200
Subject: commit_list: avoid use of strtol64 without length limit
When quick-parsing a commit, we use `git__strtol64` to parse the commit's time. The buffer that's passed to `commit_quick_parse` is the raw data of an ODB object, though, whose data may not be properly formatted and also does not have to be `NUL` terminated. This may lead to out-of-bound reads. Use `git__strntol64` to avoid this problem.
(cherry picked from commit 1a3fa1f5fafd433bdcf1834426d6963eff532125)
---
 src/commit_list.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/commit_list.c')
diff --git a/src/commit_list.c b/src/commit_list.c
index 3bba58c27..7df79bfd6 100644
--- a/src/commit_list.c
+++ b/src/commit_list.c
@@ -171,7 +171,9 @@ static int commit_quick_parse(
 buffer--;
 }
- if ((buffer == committer_start) || (git__strtol64(&commit_time, (char *)(buffer + 1), NULL, 10) < 0))
+ if ((buffer == committer_start) ||
+ (git__strntol64(&commit_time, (char *)(buffer + 1),
+ buffer_end - buffer + 1, NULL, 10) < 0))
 return commit_error(commit, "cannot parse commit time");
 commit->time = commit_time;
-- cgit v1.2.1
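Review bot: The length handed to `git__strntol64` looks two bytes larger than the data that remains. Parsing starts at `buffer + 1`, so the bytes left before `buffer_end` are `buffer_end - (buffer + 1)`, but the call passes `buffer_end - buffer + 1`. Assuming `buffer_end` points one past the ODB object's data (it is defined outside this hunk, so please confirm), the bound still lets the parser read past the end of a non-NUL-terminated object, which is the out-of-bounds read this commit sets out to close. I would change the third new line to `buffer_end - (buffer + 1), NULL, 10) < 0))` and add a short comment such as `/* length is measured from buffer + 1, the first digit */`. The body of `commit_quick_parse` begins and ends outside the hunk, so the earlier backward scan that positions `buffer` could not be checked here.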