From 953aa54e1a6a7571d48eddea3ee68745bf94e69d Mon Sep 17 00:00:00 2001 From: Jeff King Date: Sat, 1 May 2021 10:03:37 -0400 Subject: pack-objects: clamp negative window size to 0 A negative window size makes no sense, and the code in find_deltas() is not prepared to handle it. If you pass "-1", for example, we end up generate a 0-length array of "struct unpacked", but our loop assumes it has at least one entry in it (and we end up reading garbage memory). We could complain to the user about this, but it's more forgiving to just clamp it to 0, which means "do not find any deltas at all". The 0-case is already tested earlier in the script, so we'll make sure this does the same thing. Reported-by: Yiyuan guo Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- builtin/pack-objects.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'builtin/pack-objects.c') diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c index 6d13cd3e1a..ea7a5b3ba5 100644 --- a/builtin/pack-objects.c +++ b/builtin/pack-objects.c @@ -3871,6 +3871,8 @@ int cmd_pack_objects(int argc, const char **argv, const char *prefix) (1U << OE_Z_DELTA_BITS) - 1); cache_max_small_delta_size = (1U << OE_Z_DELTA_BITS) - 1; } + if (window < 0) + window = 0; strvec_push(&rp, "pack-objects"); if (thin) { -- cgit v1.2.3 From 6d52b6a5dfe0bee20dbfb2a3a7291bcf9a152672 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Sat, 1 May 2021 10:04:34 -0400 Subject: pack-objects: clamp negative depth to 0 A negative delta depth makes no sense, and the code is not prepared to handle it. If passed "--depth=-1" on the command line, then this line from break_delta_chains(): cur->depth = (total_depth--) % (depth + 1); triggers a divide-by-zero. This is undefined behavior according to the C standard, but on POSIX systems results in SIGFPE killing the process. This is certainly one way to inform the use that the command was invalid, but it's a bit friendlier to just treat it as "don't allow any deltas", which we already do for --depth=0. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- builtin/pack-objects.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'builtin/pack-objects.c') diff --git a/builtin/pack-objects.c b/builtin/pack-objects.c index ea7a5b3ba5..da5e0700f9 100644 --- a/builtin/pack-objects.c +++ b/builtin/pack-objects.c @@ -3861,6 +3861,8 @@ int cmd_pack_objects(int argc, const char **argv, const char *prefix) if (pack_to_stdout != !base_name || argc) usage_with_options(pack_usage, pack_objects_options); + if (depth < 0) + depth = 0; if (depth >= (1 << OE_DEPTH_BITS)) { warning(_("delta chain depth %d is too deep, forcing %d"), depth, (1 << OE_DEPTH_BITS) - 1); -- cgit v1.2.3