Fix integer overflow in unpack_sha1_rest()
[jc: later NUL termination by the caller becomes unnecessary] Signed-off-by: Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Ilari Liusvaara
Junio C Hamano
parent
222083a158
commit
3aee68aa68
@ -1232,7 +1232,7 @@ static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned lon
|
|||||||
static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
|
static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
|
||||||
{
|
{
|
||||||
int bytes = strlen(buffer) + 1;
|
int bytes = strlen(buffer) + 1;
|
||||||
unsigned char *buf = xmalloc(1+size);
|
unsigned char *buf = xmallocz(size);
|
||||||
unsigned long n;
|
unsigned long n;
|
||||||
int status = Z_OK;
|
int status = Z_OK;
|
||||||
|
|
||||||
@ -1260,7 +1260,6 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size
|
|||||||
while (status == Z_OK)
|
while (status == Z_OK)
|
||||||
status = git_inflate(stream, Z_FINISH);
|
status = git_inflate(stream, Z_FINISH);
|
||||||
}
|
}
|
||||||
buf[size] = 0;
|
|
||||||
if (status == Z_STREAM_END && !stream->avail_in) {
|
if (status == Z_STREAM_END && !stream->avail_in) {
|
||||||
git_inflate_end(stream);
|
git_inflate_end(stream);
|
||||||
return buf;
|
return buf;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user