diff options
author | Jeff King <peff@peff.net> | 2018-05-13 19:09:42 +0300 |
---|---|---|
committer | Jeff King <peff@peff.net> | 2018-05-22 06:50:11 +0300 |
commit | 11a9f4d807a0d71dc6eff51bb87baf4ca2cccf1d (patch) | |
tree | 0ad3d6ce5353f8a5b6b4c1ccd27cea3742db2f7e /utf8.c | |
parent | 0383bbb9015898cbc79abd7b64316484d7713b44 (diff) |
is_ntfs_dotgit: use a size_t for traversing string
We walk through the "name" string using an int, which can
wrap to a negative value and cause us to read random memory
before our array (e.g., by creating a tree with a name >2GB,
since "int" is still 32 bits even on most 64-bit platforms).
Worse, this is easy to trigger during the fsck_tree() check,
which is supposed to be protecting us from malicious
garbage.
Note one bit of trickiness in the existing code: we
sometimes assign -1 to "len" at the end of the loop, and
then rely on the "len++" in the for-loop's increment to take
it back to 0. This is still legal with a size_t, since
assigning -1 will turn into SIZE_MAX, which then wraps
around to 0 on increment.
Signed-off-by: Jeff King <peff@peff.net>
Diffstat (limited to 'utf8.c')
0 files changed, 0 insertions, 0 deletions