git-commit-vandalism/ewah
Jeff King 9d2e330b17 ewah_read_mmap: bounds-check mmap reads
The on-disk ewah format tells us how big the ewah data is,
and we blindly read that much from the buffer without
considering whether the mmap'd data is long enough, which
can lead to out-of-bound reads.

Let's make sure we have data available before reading it,
both for the ewah header/footer as well as for the bit data
itself. In particular:

  - keep our ptr/len pair in sync as we move through the
    buffer, and check it before each read

  - check the size for integer overflow (this should be
    impossible on 64-bit, as the size is given as a 32-bit
    count of 8-byte words, but is possible on a 32-bit
    system)

  - return the number of bytes read as an ssize_t instead of
    an int, again to prevent integer overflow

  - compute the return value using a pointer difference;
    this should yield the same result as the existing code,
    but makes it more obvious that we got our computations
    right

The included test is far from comprehensive, as it just
picks a static point at which to truncate the generated
bitmap. But in practice this will hit in the middle of an
ewah and make sure we're at least exercising this code.

Reported-by: Luat Nguyen <root@l4w.io>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-06-18 09:13:57 -07:00
..
bitmap.c Replace Free Software Foundation address in license notices 2017-11-09 13:21:21 +09:00
ewah_bitmap.c Replace Free Software Foundation address in license notices 2017-11-09 13:21:21 +09:00
ewah_io.c ewah_read_mmap: bounds-check mmap reads 2018-06-18 09:13:57 -07:00
ewah_rlw.c Replace Free Software Foundation address in license notices 2017-11-09 13:21:21 +09:00
ewok_rlw.h Replace Free Software Foundation address in license notices 2017-11-09 13:21:21 +09:00
ewok.h ewah_read_mmap: bounds-check mmap reads 2018-06-18 09:13:57 -07:00