From: Jonathan Nieder <jrnieder@xxxxxxxxx>
Date: Thu, 5 Jul 2012 22:21:09 -0500
All callers pass a nonnegative delta_len, so the code is already safe.
Add an assertion to ensure that remains so and add a cast to keep
clang and gcc -Wsign-compare from worrying.
Reported-by: David Barr <davidbarr@xxxxxxxxxx>
Signed-off-by: Jonathan Nieder <jrnieder@xxxxxxxxx>
---
v2 suppressed the warning by casting "len" to an off_t, producing an
unintentional change (breakage) in functionality on 64-bit systems
when "len" is large.
This version is longer but more conservative.
vcs-svn/svndiff.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/vcs-svn/svndiff.c b/vcs-svn/svndiff.c
index e810d0c3..74c97c45 100644
--- a/vcs-svn/svndiff.c
+++ b/vcs-svn/svndiff.c
@@ -77,8 +77,9 @@ static int error_short_read(struct line_buffer *input)
static int read_chunk(struct line_buffer *delta, off_t *delta_len,
struct strbuf *buf, size_t len)
{
+ assert(*delta_len >= 0);
strbuf_reset(buf);
- if (len > *delta_len ||
+ if (len > (uintmax_t) *delta_len ||
buffer_read_binary(delta, buf, len) != len)
return error_short_read(delta);
*delta_len -= buf->len;
@@ -290,7 +291,7 @@ error_out:
int svndiff0_apply(struct line_buffer *delta, off_t delta_len,
struct sliding_view *preimage, FILE *postimage)
{
- assert(delta && preimage && postimage);
+ assert(delta && preimage && postimage && delta_len >= 0);
if (read_magic(delta, &delta_len))
return -1;
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html