diff options
| author | Jeff King <peff@peff.net> | 2023-11-09 10:12:07 +0300 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2023-11-09 13:07:52 +0300 |
| commit | 9d78fb0eb6fa67cee069d3a403acb2fadd46f058 (patch) | |
| tree | 1089d32d675aec2bf7dd8977bb11c9018d5f4c4b /commit-graph.c | |
| parent | 4bc6d43271e9b5553135f6ae90f6634473077721 (diff) | |
midx: check consistency of fanout table
The commit-graph, midx, and pack idx on-disk formats all have oid fanout
tables which are fed to bsearch_hash(). If these tables do not increase
monotonically, then the binary search may not only produce bogus values,
it may cause out of bounds reads.
We fixed this for commit graphs in 4169d89645 (commit-graph: check
consistency of fanout table, 2023-10-09). That commit argued that we did
not need to do the same for midx and pack idx files, because they
already did this check. However, that is wrong. We _do_ check the fanout
table for pack idx files when we load them, but we only do so for midx
files when running "git multi-pack-index verify". So it is possible to
get an out-of-bounds read by running a normal command with a specially
crafted midx file.
Let's fix this using the same solution (and roughly the same test) we
did for the commit-graph in 4169d89645. This replaces the same check
from "multi-pack-index verify", because verify uses the same read
routines, we'd bail on reading the midx much sooner now. So let's make
sure to copy its verbose error message.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'commit-graph.c')
0 files changed, 0 insertions, 0 deletions