A possible divide by zero problem in read-cache.c

Hello, git developers.
I have found a possible divide by zero problem in read-cache.c. Here
is the trace (with links to code location) for triggering the bug:

Step 0: (In function do_read_index) [ link:
https://github.com/git/git/blob/311531c9de557d25ac087c1637818bd2aad6eb3a/read-cache.c#L2216
]
      nr_threads = istate->cache_nr / THREAD_COST;
If istate->cache_nr == 0, nr_threads will also obtain 0 value.

Step 1: (calling another function load_cache_entries_threaded with
nr_threads as an argument) [ link:
https://github.com/git/git/blob/311531c9de557d25ac087c1637818bd2aad6eb3a/read-cache.c#L2247
]
      src_offset += load_cache_entries_threaded(istate, mmap,
mmap_size, nr_threads, ieot);

Step 2: (use nr_threads as divisor, leading to possible divide by
zero in function load_cache_entries_threaded) [ link:
https://github.com/git/git/blob/311531c9de557d25ac087c1637818bd2aad6eb3a/read-cache.c#L2103
]
      ieot_blocks = DIV_ROUND_UP(ieot->nr, nr_threads);

Please let me know if you think this bug report is genuine and worth fixing.

Thanks, Yiyuan

(PS: this report was originally sent to the security mailing list.
After some discussion, it seemed more appropriate to post it to the
public list, considering its threat level.)
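The arithmetic of the three steps above, reduced to a self-contained illustration. This is an added example, not git's code: the value of THREAD_COST, the helper names, and the clamp used as a guard are assumptions made here for demonstration, and DIV_ROUND_UP is written with its conventional definition. The unguarded function reports the zero divisor instead of performing the undefined division, and the guarded variant clamps the thread count to at least one before dividing.

```c
#include <stdio.h>

/* Constructed constant: git derives the worker count by dividing the
 * number of index entries by THREAD_COST. The value here is an assumption. */
#define THREAD_COST 500

/* Conventional round-up integer division; undefined behaviour when d == 0. */
#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))

/* Step 0 of the report: thread count derived from the entry count.
 * Any cache_nr below THREAD_COST (including 0) yields 0 threads. */
static unsigned int threads_for(unsigned int cache_nr)
{
	return cache_nr / THREAD_COST;
}

/* Step 2 as reported, but made safe to call: returns -1 where the real
 * expression would divide by zero, else the rounded-up block count. */
static int blocks_unguarded(unsigned int ieot_nr, unsigned int nr_threads)
{
	if (nr_threads == 0)
		return -1; /* the real code would hit undefined behaviour here */
	return (int)DIV_ROUND_UP(ieot_nr, nr_threads);
}

/* Minimal guard (an assumption, not git's fix): never let the divisor
 * reach zero by treating fewer than one thread as exactly one. */
static unsigned int threads_used(unsigned int nr_threads)
{
	return nr_threads == 0 ? 1u : nr_threads;
}

static unsigned int blocks_guarded(unsigned int ieot_nr, unsigned int nr_threads)
{
	return DIV_ROUND_UP(ieot_nr, threads_used(nr_threads));
}

/* Whole chain from step 0 to step 2 without the guard: -1 marks the
 * entry counts for which the division would be by zero. */
static int blocks_from_index_unguarded(unsigned int cache_nr, unsigned int ieot_nr)
{
	return blocks_unguarded(ieot_nr, threads_for(cache_nr));
}

int main(void)
{
	/* Constructed sample entry counts, each paired with 7 IEOT blocks. */
	const unsigned int samples[] = { 0, 10, 499, 500, 1200 };
	unsigned int i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		unsigned int nr_threads = threads_for(samples[i]);
		int raw = blocks_unguarded(7, nr_threads);
		unsigned int safe = blocks_guarded(7, nr_threads);

		printf("cache_nr=%4u nr_threads=%u unguarded=%s guarded_blocks=%u\n",
		       samples[i], nr_threads,
		       raw < 0 ? "DIV-BY-ZERO" : "ok", safe);
	}
	return 0;
}
```

Running it prints one line per sample; every entry count below THREAD_COST shows the unguarded path as a division by zero while the guarded path always produces a block count.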
