undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'il/maint-xmallocz' into maint

Browse Source 
* il/maint-xmallocz:
  Fix integer overflow in unpack_compressed_entry()
  Fix integer overflow in unpack_sha1_rest()
  Fix integer overflow in patch_delta()
  Add xmallocz()
This commit is contained in:
Junio C Hamano 2010-02-10 13:02:16 -08:00
commit c329898abb
4 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
git-compat-util.h
View File

@ -345,6 +345,7 @@ extern void release_pack_memory(size_t, int);
extern char *xstrdup(const char *str); extern char *xstrdup(const char *str);
extern void *xmalloc(size_t size); extern void *xmalloc(size_t size);
extern void *xmallocz(size_t size);
extern void *xmemdupz(const void *data, size_t len); extern void *xmemdupz(const void *data, size_t len);
extern char *xstrndup(const char *str, size_t len); extern char *xstrndup(const char *str, size_t len);
extern void *xrealloc(void *ptr, size_t size); extern void *xrealloc(void *ptr, size_t size);

3
patch-delta.c
View File

@ -33,8 +33,7 @@ void *patch_delta(const void *src_buf, unsigned long src_size,
/* now the result size */ /* now the result size */
size = get_delta_hdr_size(&data, top); size = get_delta_hdr_size(&data, top);
dst_buf = xmalloc(size + 1); dst_buf = xmallocz(size);
dst_buf[size] = 0;
out = dst_buf; out = dst_buf;
while (data < top) { while (data < top) {

6
sha1_file.c
View File

@ -1232,7 +1232,7 @@ static int unpack_sha1_header(z_stream *stream, unsigned char *map, unsigned lon
static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1) static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size, const unsigned char *sha1)
{ {
int bytes = strlen(buffer) + 1; int bytes = strlen(buffer) + 1;
unsigned char *buf = xmalloc(1+size); unsigned char *buf = xmallocz(size);
unsigned long n; unsigned long n;
int status = Z_OK; int status = Z_OK;
@ -1260,7 +1260,6 @@ static void *unpack_sha1_rest(z_stream *stream, void *buffer, unsigned long size
while (status == Z_OK) while (status == Z_OK)
status = git_inflate(stream, Z_FINISH); status = git_inflate(stream, Z_FINISH);
} }
buf[size] = 0;
if (status == Z_STREAM_END && !stream->avail_in) { if (status == Z_STREAM_END && !stream->avail_in) {
git_inflate_end(stream); git_inflate_end(stream);
return buf; return buf;
@ -1583,8 +1582,7 @@ static void *unpack_compressed_entry(struct packed_git *p,
z_stream stream; z_stream stream;
unsigned char *buffer, *in; unsigned char *buffer, *in;
buffer = xmalloc(size + 1); buffer = xmallocz(size);
buffer[size] = 0;
memset(&stream, 0, sizeof(stream)); memset(&stream, 0, sizeof(stream));
stream.next_out = buffer; stream.next_out = buffer;
stream.avail_out = size + 1; stream.avail_out = size + 1;

15
wrapper.c
View File

@ -34,6 +34,16 @@ void *xmalloc(size_t size)
return ret; return ret;
} }
void *xmallocz(size_t size)
{
void *ret;
if (size + 1 < size)
die("Data too large to fit into virtual memory space.");
ret = xmalloc(size + 1);
((char*)ret)[size] = 0;
return ret;
}
/* /*
* xmemdupz() allocates (len + 1) bytes of memory, duplicates "len" bytes of * xmemdupz() allocates (len + 1) bytes of memory, duplicates "len" bytes of
* "data" to the allocated memory, zero terminates the allocated memory, * "data" to the allocated memory, zero terminates the allocated memory,
@ -42,10 +52,7 @@ void *xmalloc(size_t size)
*/ */
void *xmemdupz(const void *data, size_t len) void *xmemdupz(const void *data, size_t len)
{ {
char *p = xmalloc(len + 1); return memcpy(xmallocz(len), data, len);
memcpy(p, data, len);
p[len] = '\0';
return p;
} }
char *xstrndup(const char *str, size_t len) char *xstrndup(const char *str, size_t len)