pack-revindex.c: guard against out-of-bounds pack lookups

ttaylorr · gitster · commit e162aed59115 · 2024-06-11T16:08:28.000-07:00
The function midx_key_to_pack_pos() is a helper function used by
midx_to_pack_pos() and midx_pair_to_pack_pos() to translate a (pack,
offset) tuple into a position into the MIDX pseudo-pack order.

Ensure that the pack ID given to midx_pair_to_pack_pos() is bounded by
the number of packs within the MIDX to prevent, for instance,
uninitialized memory from being used as a pack ID.

Signed-off-by: Taylor Blau &lt;me@ttaylorr.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/pack-revindex.c b/pack-revindex.c
@@ -527,6 +527,9 @@ static int midx_key_to_pack_pos(struct multi_pack_index *m,
 {
 	uint32_t *found;
 
+	if (key->pack >= m->num_packs)
+		BUG("MIDX pack lookup out of bounds (%"PRIu32" >= %"PRIu32")",
+		    key->pack, m->num_packs);
 	/*
 	 * The preferred pack sorts first, so determine its identifier by
 	 * looking at the first object in pseudo-pack order.

Original file line number	Diff line number	Diff line change
`@@ -527,6 +527,9 @@ static int midx_key_to_pack_pos(struct multi_pack_index *m,`
`527`	`527`	`{`
`528`	`528`	`uint32_t *found;`
`529`	`529`
	`530`	`+ if (key->pack >= m->num_packs)`
	`531`	`+ BUG("MIDX pack lookup out of bounds (%"PRIu32" >= %"PRIu32")",`
	`532`	`+ key->pack, m->num_packs);`
`530`	`533`	`/*`
`531`	`534`	`* The preferred pack sorts first, so determine its identifier by`
`532`	`535`	`* looking at the first object in pseudo-pack order.`