In a similar spirit as the previous commits, ensure that we use
`st_add()` or `st_mult()` when computing values that may overflow the
32-bit unsigned limit.
Note that in each of these instances, we prevent 32-bit overflow
already since we have explicit casts to `size_t`.
So this code is OK as-is, but let's clarify it by using the `st_xyz()`
helpers to make it obvious that we are performing the relevant
computations using 64 bits.
Signed-off-by: Taylor Blau <me@xxxxxxxxxxxx>
---
packfile.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/packfile.c b/packfile.c
index 70acf1694b..e8e01e348e 100644
--- a/packfile.c
+++ b/packfile.c
@@ -1948,14 +1948,15 @@ off_t nth_packed_object_offset(const struct packed_git *p, uint32_t n)
const unsigned int hashsz = the_hash_algo->rawsz;
index += 4 * 256;
if (p->index_version == 1) {
- return ntohl(*((uint32_t *)(index + (hashsz + 4) * (size_t)n)));
+ return ntohl(*((uint32_t *)(index + st_mult(hashsz + 4, n))));
} else {
uint32_t off;
- index += 8 + (size_t)p->num_objects * (hashsz + 4);
- off = ntohl(*((uint32_t *)(index + 4 * n)));
+ index += st_add(8, st_mult(p->num_objects, hashsz + 4));
+ off = ntohl(*((uint32_t *)(index + st_mult(4, n))));
if (!(off & 0x80000000))
return off;
- index += (size_t)p->num_objects * 4 + (off & 0x7fffffff) * 8;
+ index += st_add(st_mult(p->num_objects, 4),
+ st_mult(off & 0x7fffffff, 8));
check_pack_index_ptr(p, index);
return get_be64(index);
}
--
2.41.0.347.g7b976b8871f
