File tree Expand file tree Collapse file tree 1 file changed +7
-0
lines changed
Expand file tree Collapse file tree 1 file changed +7
-0
lines changed Original file line number Diff line number Diff line change @@ -1499,6 +1499,7 @@ static int pack_entry_find_offset(
14991499 size_t len )
15001500{
15011501 const uint32_t * level1_ofs ;
1502+ size_t ofs_delta = 0 ;
15021503 const unsigned char * index ;
15031504 unsigned hi , lo , stride ;
15041505 int pos , found = 0 ;
@@ -1524,9 +1525,15 @@ static int pack_entry_find_offset(
15241525
15251526 if (p -> index_version > 1 ) {
15261527 level1_ofs += 2 ;
1528+ ofs_delta = 2 ;
15271529 index += 8 ;
15281530 }
15291531
1532+ if ((size_t )short_oid -> id [0 ] + ofs_delta >= p -> index_map .len ) {
1533+ git_error_set (GIT_ERROR_INTERNAL , "internal error: p->short_oid->[0] out of bounds" );
1534+ goto cleanup ;
1535+ }
1536+
15301537 index += 4 * 256 ;
15311538 hi = ntohl (level1_ofs [(int )short_oid -> id [0 ]]);
15321539 lo = ((short_oid -> id [0 ] == 0x0 ) ? 0 : ntohl (level1_ofs [(int )short_oid -> id [0 ] - 1 ]));
You can’t perform that action at this time.
0 commit comments