There are a small number of places in our codebase where we cast a buffer of unsigned char to a struct object_id pointer. When we have GIT_MAX_RAWSZ set to 32 (because we have SHA-256), one of these places (the buffer for tree objects) can lead to us copying too much data when using SHA-1 as the hash, since there are only 20 bytes to read. This was not expected to be a problem before future code was introduced, but due to a combination of series the issue became noticeable.

This series introduces a refactor to avoid referencing the struct object_id directly from a buffer and instead storing an additional struct object_id (and an int) in struct name_entry and referring to that.

This series, while based on master, addresses the interactions seen on pu between the SHA-256 series and the oidset series. There are a small number of conflicts, both textual and logical, when merging this series and pu, but they should be easily resolved.

This series contains a final patch which will become necessary at some point for hygienic code, but which could be deferred until later if desired.

The testsuite passes with AddressSanitizer at each stage and when merged into pu.

brian m. carlson (5):
  tree-walk: copy object ID before use
  match-trees: compute buffer offset correctly when splicing
  match-trees: use hashcpy to splice trees
  tree-walk: store object_id in a separate member
  cache: make oidcpy always copy GIT_MAX_RAWSZ bytes

 builtin/grep.c                     |  8 ++++----
 builtin/merge-tree.c               | 20 ++++++++++----------
 builtin/pack-objects.c             |  4 ++--
 builtin/reflog.c                   |  4 ++--
 cache-tree.c                       |  4 ++--
 cache.h                            |  2 +-
 contrib/coccinelle/object_id.cocci | 30 ------------------------------
 delta-islands.c                    |  2 +-
 fsck.c                             |  4 ++--
 http-push.c                        |  4 ++--
 list-objects.c                     |  6 +++---
 match-trees.c                      | 11 ++++++-----
 notes.c                            |  4 ++--
 packfile.c                         |  2 +-
 revision.c                         |  4 ++--
 tree-diff.c                        |  6 +++---
 tree-walk.c                        | 21 ++++++++++++---------
 tree-walk.h                        |  9 ++++++---
 tree.c                             | 10 +++++-----
 unpack-trees.c                     |  6 +++---
 walker.c                           |  4 ++--
 21 files changed, 71 insertions(+), 94 deletions(-)
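
The over-read described in the cover letter, and the copy-into-a-separate-member approach it proposes, as an added illustration that is not code from this series or from git itself. The names `struct entry`, `build_tree`, `copy_by_cast`, `decode_entry` and `stray_bytes`, and the tree bytes, are constructed for this example; `MAX_RAWSZ` stands in for GIT_MAX_RAWSZ.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_RAWSZ 20
#define MAX_RAWSZ  32 /* stand-in for GIT_MAX_RAWSZ with SHA-256 compiled in */
struct object_id { unsigned char hash[MAX_RAWSZ]; };
/* Simplified stand-in for a name_entry that owns a copy of the object ID. */
struct entry { struct object_id oid; const char *path; unsigned mode; };
/* Constructed sample: two "<mode> <name>\0<20-byte SHA-1>" entries, 58 bytes. */
static void build_tree(unsigned char *buf)
{
    memcpy(buf, "100644 a", 9);          /* 9 bytes including the NUL */
    memset(buf + 9, 0xAA, SHA1_RAWSZ);
    memcpy(buf + 29, "100644 b", 9);
    memset(buf + 38, 0xBB, SHA1_RAWSZ);
}
/* Risky: view raw bytes as a struct object_id and copy all of it. The extra 12
 * bytes are the next entry's; on a last entry the read leaves the buffer. */
static void copy_by_cast(struct object_id *dst, const unsigned char *raw)
{
    const struct object_id *src = (const struct object_id *)raw;
    memcpy(dst->hash, src->hash, MAX_RAWSZ);
}
/* Refactored: copy exactly rawsz bytes into a separate, zeroed object_id. */
static void decode_entry(struct entry *e, const unsigned char *p, size_t rawsz)
{
    e->mode = 0;
    while (*p != ' ') e->mode = (e->mode << 3) + (unsigned)(*p++ - '0');
    e->path = (const char *)++p;
    p += strlen(e->path) + 1;
    memset(&e->oid, 0, sizeof(e->oid));
    memcpy(e->oid.hash, p, rawsz);
}
/* Count non-zero bytes that landed beyond the 20-byte SHA-1. */
static int stray_bytes(const struct object_id *oid)
{
    int n = 0;
    for (int i = SHA1_RAWSZ; i < MAX_RAWSZ; i++) n += oid->hash[i] != 0;
    return n;
}
int main(void)
{
    unsigned char buf[64]; struct object_id a; struct entry e;
    build_tree(buf);
    copy_by_cast(&a, buf + 9);           /* first entry's hash is at offset 9 */
    decode_entry(&e, buf, SHA1_RAWSZ);
    printf("cast: %d stray, decoded: %d stray\n", stray_bytes(&a), stray_bytes(&e.oid));
    return 0;
}
```

The sample keeps the 32-byte read inside the constructed buffer so the program is well defined; pointing `copy_by_cast` at the second entry instead is the case AddressSanitizer would flag.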