From f1f63a481bcaaa2124b5f0395abec6b457888bf1 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Thu, 31 Aug 2023 02:21:40 -0400 Subject: traverse_trees(): respect max_allowed_tree_depth The tree-walk.c code walks trees recursively, and may run out of stack space. The easiest way to see this is with git-archive; on my 64-bit Linux system it runs out of stack trying to generate a tarfile with a tree depth of 13,772. I've picked 4100 as the depth for our "big" test. I ran it with a much higher value to confirm that we do get a segfault without this patch. But really anything over 4096 is sufficient for its stated purpose, which is to find out if our default limit of 4096 is low enough to prevent segfaults on all platforms. Keeping it small saves us time on the test setup. The tree-walk code that's touched here underlies unpack_trees(), so this protects any programs which use it, not just git-archive (but archive is easy to test, and was what alerted me to this issue in a real-world case). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- tree-walk.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'tree-walk.c') diff --git a/tree-walk.c b/tree-walk.c index 4efd0fc391..b517792ba2 100644 --- a/tree-walk.c +++ b/tree-walk.c @@ -9,6 +9,7 @@ #include "tree.h" #include "pathspec.h" #include "json-writer.h" +#include "environment.h" static const char *get_mode(const char *str, unsigned int *modep) { @@ -449,6 +450,9 @@ int traverse_trees(struct index_state *istate, int interesting = 1; char *traverse_path; + if (traverse_trees_cur_depth > max_allowed_tree_depth) + return error("exceeded maximum allowed tree depth"); + traverse_trees_count++; traverse_trees_cur_depth++; -- cgit v1.2.3