Bounds check for pack index read

ConradIrwin · bennetbo · ConradIrwin · commit 6e8227ab3895 · 2024-04-15T09:51:14.000-06:00
Fixes: libgit2#6795 Co-Authored-By: Bennet <bennetbo@gmx.de>
diff --git a/src/libgit2/pack.c b/src/libgit2/pack.c
@@ -1525,6 +1525,14 @@ static int pack_entry_find_offset(
 	if (p->index_version > 1) {
 		level1_ofs += 2;
 		index += 8;
+
+		if ((int)short_oid->id[0] + 2 >= p->index_map.len) {
+			git_error_set(GIT_ERROR_INTERNAL, "internal error: p->short_oid->[0] out of bounds");
+			goto cleanup;
+		}
+	} else if ((int)short_oid->id[0] >= p->index_map.len) {
+		git_error_set(GIT_ERROR_INTERNAL, "internal error: p->short_oid->[0] out of bounds");
+		goto cleanup;
 	}
 
 	index += 4 * 256;
