author | Jeff King <peff@peff.net> | 2018-11-04 05:27:46 +0300 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2018-11-06 06:57:08 +0300 |
commit | 61b0fcbb64d00d52290d433c1e754c01740b3d19 (patch) | |
tree | 4056d948123038785618385a1383b719010ea010 /midx.c | |
parent | 517fe807d6903c629a739b23fe0e75b892096998 (diff) |
midx: double-check large object write loop

The write_midx_large_offsets() function takes an array of object
entries, the number of entries in the array (nr_objects), and the number
of entries with large offsets (nr_large_offset). But we never actually
use nr_objects; instead we keep walking down the array and counting down
nr_large_offset until we've seen all of the large entries.

This is correct, but we can be a bit more defensive. If there were ever
a mismatch between nr_large_offset and the actual set of large-offset
objects, we'd walk off the end of the array.

Since we know the size of the array, we can use nr_objects to make sure
we don't walk too far.

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Derrick Stolee <dstolee@microsoft.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'midx.c')
-rw-r--r-- | midx.c | 12 |
1 files changed, 9 insertions, 3 deletions
@@ -712,12 +712,18 @@ static size_t write_midx_object_offsets(struct hashfile *f, int large_offset_nee static size_t write_midx_large_offsets(struct hashfile *f, uint32_t nr_large_offset, struct pack_midx_entry *objects, uint32_t nr_objects) { - struct pack_midx_entry *list = objects; + struct pack_midx_entry *list = objects, *end = objects + nr_objects; size_t written = 0; while (nr_large_offset) { - struct pack_midx_entry *obj = list++; - uint64_t offset = obj->offset; + struct pack_midx_entry *obj; + uint64_t offset; + + if (list >= end) + BUG("too many large-offset objects"); + + obj = list++; + offset = obj->offset; if (!(offset >> 31)) continue; |
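Review bot: The new `if (list >= end)` guard in write_midx_large_offsets() only catches a mismatch in one direction, where nr_large_offset overstates the number of large-offset entries. If nr_large_offset is too small, `while (nr_large_offset)` still exits early and, as far as the visible lines show, any remaining entries with `offset >> 31` set are never visited and nothing reports it. If the goal is to defend against any disagreement between the count and the array, consider walking the rest of the array up to `end` after the loop and calling BUG() if another large offset turns up, or state in a comment that only the out-of-bounds read is being guarded. A smaller point: the message "too many large-offset objects" describes the failure from the caller's side, so including the remaining nr_large_offset and nr_objects in the BUG() text would make a report easier to act on.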