Commit 4a3c346

peff authored and gitster committed
commit-graph: check size of generations chunk
We neither check nor record the size of the generations chunk we parse from a commit-graph file. This should have one uint32_t for each commit in the file; if it is smaller (due to corruption, etc), we may read outside the mapped memory.

The included test segfaults without this patch, as it shrinks the size considerably (and the chunk is near the end of the file, so we read off the end of the array rather than accidentally reading another chunk).

We can fix this by checking the size up front (like we do for other fixed-size chunks, like CDAT).

Signed-off-by: Jeff King <[email protected]>
Signed-off-by: Junio C Hamano <[email protected]>
1 parent 6cf61d0 commit 4a3c346

2 files changed: +20 / -2 lines

commit-graph.c

Lines changed: 12 additions & 2 deletions
@@ -350,6 +350,16 @@ static int graph_read_commit_data(const unsigned char *chunk_start,
350350
return 0;
351351
}
352352

353+
static int graph_read_generation_data(const unsigned char *chunk_start,
354+
size_t chunk_size, void *data)
355+
{
356+
struct commit_graph *g = data;
357+
if (chunk_size != g->num_commits * sizeof(uint32_t))
358+
return error("commit-graph generations chunk is wrong size");
359+
g->chunk_generation_data = chunk_start;
360+
return 0;
361+
}
362+
353363
static int graph_read_bloom_data(const unsigned char *chunk_start,
354364
size_t chunk_size, void *data)
355365
{
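Review bot: the size check in graph_read_generation_data() compares chunk_size against g->num_commits * sizeof(uint32_t) using plain multiplication, which is only safe if that product cannot wrap in size_t; that holds when num_commits is a 32-bit count on a 64-bit host but not in general, so an overflow-checked multiply would make the assumption explicit. The strict inequality itself is the right test for a fixed-size table: a chunk that is too large is as suspicious as one that is too small, and rejecting both keeps the chunk boundary consistent with the CDAT handling the commit message refers to.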
@@ -439,8 +449,8 @@ struct commit_graph *parse_commit_graph(struct repo_settings *s,
439449
&graph->chunk_base_graphs_size);
440450

441451
if (s->commit_graph_generation_version >= 2) {
442-
pair_chunk_unsafe(cf, GRAPH_CHUNKID_GENERATION_DATA,
443-
&graph->chunk_generation_data);
452+
read_chunk(cf, GRAPH_CHUNKID_GENERATION_DATA,
453+
graph_read_generation_data, graph);
444454
pair_chunk_unsafe(cf, GRAPH_CHUNKID_GENERATION_DATA_OVERFLOW,
445455
&graph->chunk_generation_data_overflow);
446456

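Review bot: the return value of read_chunk() on the GRAPH_CHUNKID_GENERATION_DATA line is discarded, so whether a wrong-sized chunk actually stops parse_commit_graph() from using the file depends on read_chunk() propagating the callback's error() result rather than on anything visible in this hunk. If it does not, graph->chunk_generation_data stays NULL while commit_graph_generation_version >= 2 and the overflow chunk on the following line is still paired, which is the inconsistent state the new check is meant to prevent. Worth confirming that read_chunk() fails the parse on a non-zero callback return (or that the caller checks chunk_generation_data for NULL) and, if not, testing the result here and routing it to the function's existing error path.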
t/t5318-commit-graph.sh

Lines changed: 8 additions & 0 deletions
@@ -887,4 +887,12 @@ test_expect_success 'reader notices out-of-bounds extra edge' '
887887
test_cmp expect.err err
888888
'
889889

890+
test_expect_success 'reader notices too-small generations chunk' '
891+
check_corrupt_chunk GDA2 clear 00000000 &&
892+
cat >expect.err <<-\EOF &&
893+
error: commit-graph generations chunk is wrong size
894+
EOF
895+
test_cmp expect.err err
896+
'
897+
890898
test_done
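Review bot: the new test asserts only on stderr (`test_cmp expect.err err`); it does not check the command's exit status or that the corrupted graph is actually ignored, so a regression in which the error is printed but the truncated chunk is still read would still pass. If check_corrupt_chunk exposes the command's status or stdout, asserting on that as well would make the test match the commit message's claim that the reader rejects the file rather than merely complains. A short comment on the `check_corrupt_chunk GDA2 clear 00000000` line stating what size the chunk ends up with would also help readers who do not know the helper's argument conventions.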
