diff options
author | Taylor Blau <me@ttaylorr.com> | 2023-07-13 02:37:38 +0300 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2023-07-14 19:32:03 +0300 |
commit | c2b24ede229dbc6686e37c8cae1e169fc356049e (patch) | |
tree | 0395b2b22fde30fded345cb5645c4bc2fe57dcf6 /midx.c | |
parent | e6c71f239d18af3b99af8fa2b68f16cee813d1e2 (diff) |
midx.c: prevent overflow in `nth_midxed_object_oid()`
In a similar spirit as previous commits, avoid overflow when looking up
an object's OID in a MIDX when its position is greater than
`2^32-1/m->hash_len`.
As usual, it is perfectly OK for a MIDX to have as many as 2^32-1
objects (since we use 32-bit fields to count the number of objects at
each fanout layer). But if we have more than `2^32-1/m->hash_len` number
of objects, we will incorrectly perform the computation using 32-bit
integers, overflowing the result.
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'midx.c')
-rw-r--r-- | midx.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -254,7 +254,7 @@ struct object_id *nth_midxed_object_oid(struct object_id *oid, if (n >= m->num_objects) return NULL; - oidread(oid, m->chunk_oid_lookup + m->hash_len * n); + oidread(oid, m->chunk_oid_lookup + st_mult(m->hash_len, n)); return oid; } |