mirrors/git
0
0
Fork 0
mirror of https://github.com/git/git.git synced 2024-11-25 02:44:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'jt/pack-header-lshift-overflow'

Browse Source 
The code to decode the length of packed object size has been
corrected.

* jt/pack-header-lshift-overflow:
  packfile: avoid overflowing shift during decode
This commit is contained in:
Junio C Hamano 2021-12-10 14:35:08 -08:00
commit 2d5b70de2d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packfile.c
View File

@ -1068,7 +1068,7 @@ unsigned long unpack_object_header_buffer(const unsigned char *buf,
size = c & 15;
shift = 4;
while (c & 0x80) {
if (len <= used || bitsizeof(long) <= shift) {
if (len <= used || (bitsizeof(long) - 7) <= shift) {
error("bad object header");
size = used = 0;
break;