During abbreviation checks, we navigate to the position within a
pack-index that an OID would be inserted and check surrounding OIDs
for the maximum matching prefix. This position may be beyond the
last position, because the given OID is lexicographically larger
than every OID in the pack. Then nth_packed_object_oid() does not
initialize "oid".
Use the return value of nth_packed_object_oid() to prevent these
errors.
Reported-by: Christian Couder <christian.couder@xxxxxxxxx>
Signed-off-by: Derrick Stolee <dstolee@xxxxxxxxxxxxx>
---
sha1_name.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/sha1_name.c b/sha1_name.c
index 611c7d2..44dd595 100644
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -546,17 +546,12 @@ static void find_abbrev_len_for_pack(struct packed_git *p,
* nearby for the abbreviation length.
*/
mad->init_len = 0;
- if (!match) {
- nth_packed_object_oid(&oid, p, first);
+ if (!match && nth_packed_object_oid(&oid, p, first))
extend_abbrev_len(&oid, mad);
- } else if (first < num - 1) {
- nth_packed_object_oid(&oid, p, first + 1);
+ else if (first < num - 1 && nth_packed_object_oid(&oid, p, first + 1))
extend_abbrev_len(&oid, mad);
- }
- if (first > 0) {
- nth_packed_object_oid(&oid, p, first - 1);
+ if (first > 0 && nth_packed_object_oid(&oid, p, first - 1))
extend_abbrev_len(&oid, mad);
- }
mad->init_len = mad->cur_len;
}
--
2.7.4
