| author | Patrick Steinhardt <ps@pks.im> | 2024-10-07 06:38:18 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2024-10-07 15:08:11 -0700 |
| commit | 2be7fc012e6747160b4b6586a1ec209598581ade (patch) | |
| tree | ba4e2d329d83d368396226467a51d8f80efd7ece /t/lib-httpd/broken-smart-http.sh | |
| parent | 9f119599a69eb11f0712cab3bdbc2000eb91abd7 (diff) | |
cache-tree: detect mismatching number of index entries

In t4058 we have some tests that exercise git-read-tree(1) when used
with a tree that contains duplicate entries. While the expectation is
that we fail, we ideally should fail gracefully without a segfault.

But that is not the case: we never check that the number of entries in
the cache-tree is less than or equal to the number of entries in the
index. This can lead to an out-of-bounds read as we unconditionally
access `istate->cache[idx]`, where `idx` is controlled by the number of
cache-tree entries and the current position therein. The result is a
segfault.

Fix this segfault by adding a sanity check for the number of index
entries before dereferencing them.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/lib-httpd/broken-smart-http.sh')
0 files changed, 0 insertions, 0 deletions
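
The class of check the commit message describes, as an added example in a simplified model. This is not git's code and not part of the commit: the structures, `verify_node` and the sample data are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration; these are not git's own structures. */
struct entry { const char *path; };

struct index {
    struct entry **cache;   /* index entries */
    size_t cache_nr;        /* number of valid slots in cache[] */
};

struct tree_node {
    int entry_count;        /* index entries this node claims to cover */
    const char *prefix;     /* directory prefix every covered path must share */
};

/* Returns 0 if the entry_count entries starting at pos all live under the
 * node's prefix, -1 if the node is inconsistent with the index. */
int verify_node(const struct index *idx, const struct tree_node *node, size_t pos)
{
    size_t i, plen = strlen(node->prefix);

    /* Sanity check before any dereference: [pos, pos + entry_count) must fit
     * in cache[]. Written as a subtraction so pos + entry_count cannot wrap. */
    if (node->entry_count < 0 || pos > idx->cache_nr ||
        (size_t)node->entry_count > idx->cache_nr - pos)
        return -1;

    for (i = 0; i < (size_t)node->entry_count; i++) {
        const struct entry *e = idx->cache[pos + i];  /* in bounds by the check */
        if (strncmp(e->path, node->prefix, plen) != 0)
            return -1;
    }
    return 0;
}

/* Constructed sample: an index holding two entries. */
static struct entry e0 = { "dir/a" }, e1 = { "dir/b" };
static struct entry *sample_cache[] = { &e0, &e1 };
static const struct index sample_index = { sample_cache, 2 };

int main(void)
{
    struct tree_node claims_three = { 3, "dir/" };  /* one more than the index has */
    printf("%d\n", verify_node(&sample_index, &claims_three, 0));
    return 0;
}
```

Without the first `if`, the node that claims three entries would make the loop read `cache[2]`, one slot past the end of the two-entry array.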
