On Thu, 10 Jan 2019 at 02:03, brian m. carlson <sandals@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Wed, Jan 09, 2019 at 10:06:08PM +0100, Martin Ågren wrote:
> > i.e., we copy sizeof(struct object_id) (=32) bytes. Which is 12 more
> > than what is known to be safe. For this particular input data, we read
> > outside allocated memory.
>
> Anything pointing to a struct object_id has to support at least
> GIT_MAX_RAWSZ bytes, and that code doesn't, because it's a tree buffer.
>
> I ran into this later on in my SHA-256 work and have a series that fixes
> the tree-walk code, but it's a bit involved and requires copying the
> struct object_id out of the buffer.
>
> I thought we were going to be triggering this case only with some new
> code I was introducing, but apparently somebody else got there first.
> As for my series, I'll need to run the testsuite on it, but I'll try to
> get it out tonight or at the latest tomorrow if people want to use that
> instead.

Cool. I should have known that you had something in the pipeline. Thanks
for working on this.
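The pattern under discussion, as an added illustration that is not part of this thread and not git's own code: a tree buffer carries only hashsz bytes per entry (20 for SHA-1), while anything reached through a struct object_id pointer is assumed to hold GIT_MAX_RAWSZ (32) bytes, so pointing into the buffer reads past its end. The safe shape is the one brian describes, copying the id out of the buffer with a length that is checked against what the buffer actually holds. The struct object_id and GIT_MAX_RAWSZ definitions below are simplified stand-ins, and oid_read_from_tree_buf and demo_tail_entry are hypothetical names written for this example.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins (assumed for this example, not git's own headers):
 * GIT_MAX_RAWSZ is the largest hash size the struct must hold (SHA-256),
 * SHA1_RAWSZ is the size actually stored per entry in a SHA-1 tree buffer. */
#define GIT_MAX_RAWSZ 32
#define SHA1_RAWSZ 20

struct object_id {
    unsigned char hash[GIT_MAX_RAWSZ];
};

/*
 * Copy the hash that starts at buf[off] into oid instead of pointing into
 * the buffer. Exactly hashsz bytes are read; the rest of oid->hash is
 * zero-filled so later full-width comparisons see deterministic data.
 * Returns 0 on success, -1 if hashsz bytes are not available at off
 * (the out-of-bounds read the thread describes) or hashsz is too large.
 */
int oid_read_from_tree_buf(struct object_id *oid, const unsigned char *buf,
                           size_t buflen, size_t off, size_t hashsz)
{
    if (hashsz > GIT_MAX_RAWSZ)
        return -1;
    /* Compare against buflen - off rather than off + hashsz to avoid overflow. */
    if (off > buflen || hashsz > buflen - off)
        return -1;
    memcpy(oid->hash, buf + off, hashsz);
    memset(oid->hash + hashsz, 0, GIT_MAX_RAWSZ - hashsz);
    return 0;
}

/*
 * Demonstration on a constructed buffer: a 20-byte hash sits at the very end.
 * Asking for sizeof(struct object_id) (32) bytes there would run 12 bytes past
 * the allocation, so the bounds check rejects it; a hashsz-sized read succeeds
 * and the tail of the id is zero-padded. Returns 0 when every check passes.
 */
int demo_tail_entry(void)
{
    /* Constructed entry: 7 bytes of mode/name prefix, then a 20-byte hash. */
    unsigned char buf[7 + SHA1_RAWSZ];
    struct object_id oid;
    size_t i;

    memset(buf, 0, sizeof(buf));
    for (i = 0; i < SHA1_RAWSZ; i++)
        buf[7 + i] = (unsigned char)(0xa0 + i);

    /* Reading GIT_MAX_RAWSZ bytes at offset 7 must be refused. */
    if (oid_read_from_tree_buf(&oid, buf, sizeof(buf), 7, GIT_MAX_RAWSZ) != -1)
        return 1;
    /* Reading only the SHA-1 length must succeed. */
    if (oid_read_from_tree_buf(&oid, buf, sizeof(buf), 7, SHA1_RAWSZ) != 0)
        return 2;
    if (oid.hash[0] != 0xa0 || oid.hash[SHA1_RAWSZ - 1] != 0xa0 + 19)
        return 3;
    /* Bytes beyond hashsz must be zero, never leftover buffer contents. */
    for (i = SHA1_RAWSZ; i < GIT_MAX_RAWSZ; i++)
        if (oid.hash[i] != 0)
            return 4;
    return 0;
}
```

The length check is written as `hashsz > buflen - off` after confirming `off <= buflen`, which is the form that stays correct when `off + hashsz` would wrap; a check of the form `off + hashsz > buflen` can pass for a large `off` on 32-bit targets.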